
Vista boot up virus maybe


  • This topic is locked
2 replies to this topic

#1 Bigdawg43078

Posted 14 January 2011 - 03:22 PM

OK, here is my problem! Every time I boot I get like 100 Google Chrome windows popping up. It will keep loading windows! Now when I boot, if I hit Ctrl Alt Del to open Task Manager before I get to my desktop, it does not load any? I have tried resetting. Google Chrome Change User file, uninstalled both Chrome and IE8, and did a clean install. I have run ComboFix and also HijackThis! I am no dummy when it comes to computers, but this one has me baffled! After uninstalling both IE8 and Chrome I rebooted and then ran a reg cleaner and also CCleaner. Then I rebooted again, and even though I removed them, IE7 or whatever it is opened a million windows again? I am clueless! Welp, here is my HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:02 PM, on 1/14/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101219175327.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Google Update] "C:\Users\ron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0049581271184430) (0049581271184430mcinstcleanup) - - (no file)
O23 - Service: McAfee Application Installer Cleanup (0108491283899769) (0108491283899769mcinstcleanup) - - (no file)
O23 - Service: McAfee Application Installer Cleanup (0219691243454666) (0219691243454666mcinstcleanup) - - (no file)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 5492 bytes

Also here is the ComboFix log!!!

ComboFix 11-01-14.01 - ron 01/14/2011 16:03:08.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2558.1654 [GMT -5:00]
Running from: c:\users\ron\Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 21:08 . 2011-01-14 21:08 -------- d-----w- c:\users\Test\AppData\Local\temp
2011-01-14 21:08 . 2011-01-14 21:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-14 21:08 . 2011-01-14 21:08 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2011-01-14 21:08 . 2011-01-14 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 06:34 . 2011-01-14 06:34 -------- d-----w- C:\found.000
2011-01-14 03:51 . 2011-01-14 03:51 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-14 03:50 . 2011-01-14 03:50 -------- d-----w- c:\users\ron\AppData\Local\Sunbelt Software
2011-01-14 03:49 . 2011-01-14 06:32 -------- d-----w- c:\programdata\Lavasoft
2011-01-06 22:04 . 2011-01-06 22:04 -------- d-----w- C:\found.003
2011-01-02 20:16 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2011-01-02 20:16 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
2011-01-02 20:16 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2011-01-02 20:16 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2011-01-02 20:16 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-01-02 20:16 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2011-01-02 20:16 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
2011-01-02 20:09 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-01-02 20:09 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-01-02 20:04 . 2011-01-02 20:09 -------- d-----w- c:\users\ron\AppData\Local\Nokia
2011-01-02 20:02 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-02 20:02 . 2011-01-02 20:02 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-02 19:51 . 2011-01-02 19:51 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-01-01 05:21 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-01-01 05:21 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-01-01 05:21 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-01 05:21 . 2010-10-16 18:55 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-01 05:21 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-01 05:21 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-01 05:21 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-01 05:21 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-01 05:21 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-01 05:21 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-01 04:46 . 2011-01-14 21:08 -------- d-----w- c:\users\ron\AppData\Local\temp
2011-01-01 03:25 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A58559AA-DD21-4D2A-BE9E-8B407C1F5116}\mpengine.dll
2011-01-01 03:25 . 2010-10-19 15:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-31 21:22 . 2010-12-31 21:22 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-12-29 13:00 . 2011-01-14 03:12 -------- d-----w- C:\found.002
2010-12-27 20:37 . 2010-12-27 20:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\Netscape
2010-12-27 20:20 . 2010-12-27 20:20 -------- d-----w- c:\users\Michelle\AppData\Local\Mozilla
2010-12-27 19:04 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-27 19:04 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-27 19:02 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-27 19:01 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-27 18:58 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-27 13:50 . 2010-12-27 21:50 -------- d-----w- C:\found.001
2010-12-23 19:47 . 2010-12-23 19:47 -------- d-----w- c:\program files\Activision
2010-12-20 01:31 . 2010-12-20 01:31 -------- d-----w- c:\users\Test\AppData\Local\Mozilla
2010-12-19 22:53 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 02:28 . 2010-12-19 22:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-12-20 697856]
"Google Update"="c:\users\ron\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-14 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 04:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2009-06-03 240128]
R2 0049581271184430mcinstcleanup;McAfee Application Installer Cleanup (0049581271184430); [x]
R2 0108491283899769mcinstcleanup;McAfee Application Installer Cleanup (0108491283899769); [x]
R2 0219691243454666mcinstcleanup;McAfee Application Installer Cleanup (0219691243454666); [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
R3 cpuz130;cpuz130;c:\users\ron\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-30 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-06-30 729088]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 SwitchBoard;SwitchBoard; [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-05 79360]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2001-06-01 717296]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 141792]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 20:28]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968960226-2984458012-682813800-1000Core.job
- c:\users\ron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 09:02]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968960226-2984458012-682813800-1000UA.job
- c:\users\ron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 09:02]

2011-01-08 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-01-01 19:25]
.
.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\ron\AppData\Roaming\Mozilla\Firefox\Profiles\a343os40.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 16:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4316)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2011-01-14 16:09:39
ComboFix-quarantined-files.txt 2011-01-14 21:09
ComboFix2.txt 2011-01-01 04:46
ComboFix3.txt 2010-12-27 21:12
ComboFix4.txt 2010-12-27 20:52
ComboFix5.txt 2011-01-14 20:37

Pre-Run: 329,568,694,272 bytes free
Post-Run: 329,519,566,848 bytes free

- - End Of File - - 53F020B387AE28AC18325B3239797DB1

Merged posts. ~ OB

Edited by Orange Blossom, 14 January 2011 - 06:28 PM.
Moved from Vista forum to Malware Removal Logs.




#2 Bigdawg43078

  • Topic Starter

Posted 18 January 2011 - 03:30 PM

OK, got it fixed! Without anyone's help from this site! It was a host file virus that changes your host file to a startup process that directs the Google exe file to open on bootup! And since no one wants to help, I will keep this info to myself!

#3 Budapest

  • Moderator

Posted 18 January 2011 - 04:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



