I ran ComboFix & now my Bookmarklet won't work?


This topic is locked
2 replies to this topic

#1 jaristo
  • Members
  • 1 posts

Posted 01 June 2011 - 02:22 PM

Hello, I ran ComboFix to get rid of the redirect virus, and now my favorite bookmarklet for a Facebook game called "Castle Age" won't work. I had used it (the bookmarklet) for two years before I got the redirect virus, so I know it's safe. I was hoping someone could instruct me on how to reactivate it. Here are the ComboFix log entries from when I ran ComboFix yesterday. Any help is greatly appreciated, thank you!


ComboFix 11-05-30.08 - Jonathan 05/31/2011 10:13:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.2039 [GMT -5:00]
Running from: c:\users\Jonathan\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u247134196v0
c:\programdata\SysWoW32\_u247134196v1
c:\programdata\SysWoW32\_u247134196v2
c:\programdata\SysWoW32\mu247134196v12
c:\programdata\SysWoW32\mu247134196v12.kwd
c:\programdata\SysWoW32\mu247134196v13
c:\programdata\SysWoW32\mu247134196v13.kwd
c:\programdata\SysWoW32\mu247134196v14
c:\programdata\SysWoW32\mu247134196v14.kwd
c:\programdata\SysWoW32\mu247134196v15
c:\programdata\SysWoW32\mu247134196v15.kwd
c:\programdata\SysWoW32\mu247134196v4
c:\programdata\SysWoW32\mu247134196v4.kwd
c:\programdata\SysWoW32\mu247134196v5
c:\programdata\SysWoW32\mu247134196v5.kwd
c:\programdata\SysWoW32\mu247134196v6
c:\programdata\SysWoW32\mu247134196v6.kwd
c:\programdata\SysWoW32\mu247134196v7
c:\programdata\SysWoW32\mu247134196v7.kwd
c:\programdata\SysWoW32\wu247134196v0
c:\programdata\SysWoW32\wu247134196v0.kwd
c:\programdata\SysWoW32\wu247134196v1
c:\programdata\SysWoW32\wu247134196v1.kwd
c:\programdata\SysWoW32\wu247134196v10
c:\programdata\SysWoW32\wu247134196v10.kwd
c:\programdata\SysWoW32\wu247134196v11
c:\programdata\SysWoW32\wu247134196v11.kwd
c:\programdata\SysWoW32\wu247134196v2
c:\programdata\SysWoW32\wu247134196v2.kwd
c:\programdata\SysWoW32\wu247134196v3
c:\programdata\SysWoW32\wu247134196v3.kwd
c:\programdata\SysWoW32\wu247134196v8
c:\programdata\SysWoW32\wu247134196v8.kwd
c:\programdata\SysWoW32\wu247134196v9
c:\programdata\SysWoW32\wu247134196v9.kwd
c:\programdata\unrar.exe
c:\users\Jonathan\AppData\Roaming\Local
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\v.2009.s02e02.hdtv.xvid-2hd_ns.avi(2).ddr
c:\users\Jonathan\AppData\Roaming\Local\Temp\DDM\Settings\v.2009.s02e02.hdtv.xvid-2hd_ns.avi.ddr
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 15:18 . 2011-05-31 15:18 -------- d-----w- c:\users\Jonathan\AppData\Local\temp
2011-05-31 15:18 . 2011-05-31 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 15:11 . 2011-05-31 15:11 -------- d-----w- C:\32788R22FWJFW
2011-05-31 14:57 . 2011-05-31 14:57 -------- d-----w- C:\_OTL
2011-05-31 14:38 . 2011-05-31 14:51 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-05-31 14:26 . 2011-05-31 15:11 -------- d-----w- c:\programdata\STOPzilla!
2011-05-31 13:50 . 2011-05-31 13:56 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-31 13:49 . 2011-05-31 13:53 -------- d-----w- c:\programdata\Hitman Pro
2011-05-30 05:43 . 2011-05-31 04:19 -------- d-----w- c:\users\Jonathan\AppData\Roaming\uTorrent
2011-05-30 05:05 . 2011-05-30 06:12 -------- d-----w- c:\programdata\1262958641
2011-05-30 05:04 . 2011-05-30 05:04 -------- d-----w- c:\users\Jonathan\AppData\Local\Apple Computer
2011-05-30 05:02 . 2011-05-30 06:12 -------- d-----w- c:\programdata\1725090505
2011-05-30 05:02 . 2011-05-31 13:29 -------- d-sh--w- c:\programdata\BA6A05C00324EC12B7DF9DC6D7431893
2011-05-30 04:58 . 2011-05-30 04:58 -------- d-----w- c:\users\Jonathan\AppData\Local\Apple
2011-05-23 00:29 . 2011-05-23 00:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 07:58 . 2011-05-22 07:58 -------- d-----w- C:\found.007
2011-05-22 04:07 . 2011-05-22 04:07 -------- d-----w- c:\users\Jonathan\AppData\Roaming\U3
2011-05-22 03:47 . 2011-05-22 03:47 -------- d-----w- C:\found.006
2011-05-18 02:58 . 2011-05-18 02:58 -------- d-----w- c:\program files\Audacity
2011-05-18 02:22 . 2011-05-18 02:22 -------- d-----w- C:\found.005
2011-05-16 17:50 . 2011-05-16 17:50 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Pantech
2011-05-16 17:04 . 2011-05-22 03:19 -------- d-----w- c:\program files\Pantech
2011-05-02 06:48 . 2011-05-02 06:48 -------- d-----w- c:\users\Jonathan\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 20:57 . 2011-03-28 18:32 307200 ----a-w- c:\windows\system32\TubeFinder.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Jonathan\Downloads\OTL.exe" [2011-05-31 580096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Splash.lnk - c:\windows\System32\sysprep\splash.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^B4.BAT]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\B4.BAT
backup=c:\windows\pss\B4.BAT.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2216983147-210447606-1278205401-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
S0 BlackBox;BlackBox SR2; [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 95967798
*Deregistered* - 95967798
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\c2grfeux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Yes popups: yespopupsV1@patheticcockroach.com - %profile%\extensions\yespopupsV1@patheticcockroach.com
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
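The ComboFix log above is the only diagnostic evidence in this thread, and nobody in it walks through what the entries mean. As an added example (not from the original post and not ComboFix's own code), here is a small Python parser that splits the log into its sections using the "((( Name )))" and "--- Name ---" banners, pulls the deletions, file records, Run values, Startup-folder backups and removed orphans into structured fields, and then applies a few triage heuristics: a script in the all-users Startup folder, bare-numeric or 32-hex directory names under ProgramData, hidden+system directories, Run values with an unqualified image path, and orphans with no backing file. The section names, record layouts and heuristics are assumptions drawn from the log as printed above; the embedded sample is a constructed subset of that log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the ComboFix log posted above, embedded so the
# parser runs offline. Section banners and record layouts are copied verbatim.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu247134196v12.kwd
c:\programdata\unrar.exe
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
2011-05-31 14:38 . 2011-05-31 14:51 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-05-30 05:05 . 2011-05-30 06:12 -------- d-----w- c:\programdata\1262958641
2011-05-30 05:02 . 2011-05-31 13:29 -------- d-sh--w- c:\programdata\BA6A05C00324EC12B7DF9DC6D7431893
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-03-14 20:57 . 2011-03-28 18:32 307200 ----a-w- c:\windows\system32\TubeFinder.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^B4.BAT]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\B4.BAT
------- Supplementary Scan -------
uStart Page = hxxp://www.toshibadirect.com/dpdstart
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # '((( Other Deletions )))'
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: \[(?P<date>\S+) (?P<size>\d+)\])?$')

@dataclass
class ComboFixReport:
    deletions: list = field(default_factory=list)      # paths ComboFix removed
    files: list = field(default_factory=list)          # dicts: created, modified, size, attrs, path
    run_entries: list = field(default_factory=list)    # (registry key, value name, command)
    startup_items: list = field(default_factory=list)  # path= lines from startupfolder backup blocks
    orphans: list = field(default_factory=list)        # lines under ORPHANS REMOVED

def parse_combofix(text):
    """Split a ComboFix log into sections keyed on its '((( Name )))' and '--- Name ---' banners."""
    report, section, current_key = ComboFixReport(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":              # ComboFix pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner or line.startswith(("---", "- - - -")):
            section = (banner.group(1) if banner else line.strip("- ")).lower()
            current_key = None
            continue
        if section == "other deletions":
            report.deletions.append(line)
        elif section and (section.startswith("files created") or section == "find3m report"):
            if (m := FILE_RE.match(line)):
                report.files.append(m.groupdict())
        elif section == "reg loading points":
            if (m := KEY_RE.match(line)):
                current_key = m.group("key")
            elif (m := RUN_RE.match(line)):
                report.run_entries.append((current_key, m.group("name"), m.group("cmd")))
            elif line.startswith("path="):
                report.startup_items.append(line[len("path="):])
        elif section == "orphans removed":
            report.orphans.append(line)
    return report

# Triage heuristics: assumptions made for this example, not ComboFix's own logic;
# each hit means "look at this by hand", not "malicious".
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")
RANDOM_PROGRAMDATA_DIR = re.compile(r"^c:\\programdata\\(\d{6,}|[0-9a-f]{32})$", re.I)
DRIVE_QUALIFIED = re.compile(r"^[a-z]:\\", re.I)

def triage(report):
    findings = []
    for path in report.startup_items:                # a .BAT in the all-users Startup folder
        if path.lower().endswith(SCRIPT_EXTS):
            findings.append(("startup-script", path))
    for f in report.files:
        if RANDOM_PROGRAMDATA_DIR.match(f["path"]):  # bare numeric / 32-hex directory names
            findings.append(("random-named-programdata-dir", f["path"]))
        if "s" in f["attrs"] and "h" in f["attrs"]:  # hidden+system, e.g. 'd-sh--w-'
            findings.append(("hidden-system", f["path"]))
    for _key, name, cmd in report.run_entries:       # bare image name resolved via search path
        if cmd and not DRIVE_QUALIFIED.match(cmd):
            findings.append(("unqualified-run-path", f"{name}={cmd}"))
    for orphan in report.orphans:
        findings.append(("orphan-no-file", orphan))
    return findings

if __name__ == "__main__":
    for reason, item in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{reason}] {item}")
```

Run it as-is to see the findings for the sample, or replace SAMPLE_LOG with the full log text to triage the whole post. The "unqualified-run-path" hit on RtHDVCpl.exe is a reminder that a Run value with no directory is resolved through the search path and should be confirmed against the vendor's install, not a verdict on that entry.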


#2 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 09 June 2011 - 05:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 13 June 2011 - 06:57 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE