Browser redirect/about:blank?


9 replies to this topic

#1 karenluvs2collect

  • Members
  • 30 posts

Posted 01 November 2013 - 04:07 PM

I am having an issue with my IE9. I am not sure if it is infected or what the problem is. I just know that things are not right when I go to sign into accounts that I have been using for years. I am also unable to load Windows Features on/off; it loads to a blank page. I have also seen about:blank quite often in my browser. I just also noticed I am unable to sign into my Etsy account. I have noticed that the window in IE9 will flash and is really slow to load at times. I have several trial/security and other programs that I am unable to uninstall in the normal way, including Comodo Firewall and GeekBuddy.

DDS said to zip the attach file. Please see attachment.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.40.2
Run by Drama Llama at 13:44:42 on 2013-11-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2550.1305 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{175E3F69-E398-4EA4-8CEC-8E02AA242B4A} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://www.toshibadirect.com/dpdstart
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-9-19 727592]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-29 14456]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-26 150256]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-28 52856]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-3-18 531968]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-10-26 93600]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-9-19 76944]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-6-23 30752]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2008-1-20 27648]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-26 67320]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-5-1 261056]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-8-3 293376]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\System32\drivers\IntcHdmi.sys [2007-6-6 125440]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-3-4 5430272]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2012-4-25 167048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-9-19 601360]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-9-19 82824]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-9-26 3196416]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-12-3 24064]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-10-26 77120]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-2-20 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-2-20 237568]
S4 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-9-19 94624]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-31 02:58:53 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2013-10-26 22:58:56 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-10-26 22:58:25 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-10-26 22:20:51 459718 ----a-w- C:\ProgramData\1382825832.bdinstall.bin
2013-10-26 17:25:22 586007 ----a-w- C:\ProgramData\1382807440.bdinstall.bin
2013-10-17 00:10:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-17 00:10:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-10 02:44:45 80541720 ----a-w- C:\Windows\System32\mrt.exe
2013-09-19 06:43:11 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-09-12 21:05:34 450616 ----a-w- C:\Windows\System32\LavasoftProxy64.dll
2013-09-12 20:58:42 357432 ----a-w- C:\Windows\SysWow64\LavasoftProxy.dll
2013-09-11 02:39:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 02:39:49 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-11 02:39:49 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-11 02:39:49 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-09-11 02:39:49 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-09-11 02:39:49 175016 ----a-w- C:\Windows\SysWow64\java.exe
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 07:48:37 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 20:21:48 27136 ----a-w- C:\Windows\System32\bddel.exe
2013-08-27 03:39:20 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-08-27 03:39:20 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2013-08-27 03:39:20 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-08-27 03:39:20 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2013-08-27 02:47:50 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-08-27 02:32:30 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-08-27 02:30:51 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-08-27 02:06:03 834048 ----a-w- C:\Windows\System32\d2d1.dll
2013-08-27 02:00:46 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-27 02:00:46 1149952 ----a-w- C:\Windows\System32\FntCache.dll
2013-08-27 01:52:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-14 17:12:17 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-08-13 20:38:37 3271472 ---ha-w- C:\bdr-bz02
2013-08-13 20:38:37 3271472 ---ha-w- C:\bdr-bz01
.
============= FINISH: 13:46:05.06 ===============

Edited by karenluvs2collect, 02 November 2013 - 12:28 PM.

#2 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Location: Montreal, QC, Canada

Posted 05 November 2013 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts

Posted 05 November 2013 - 03:24 PM

I appreciate your help with all of this. Thank you. Here are the reports that you requested.

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Drama Llama [Admin rights]
Mode : Remove -- Date : 11/05/2013 10:53:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 4b4753bfdcf601246bc94b2daf79f0cd
[BSP] f96ca7aeeeff47f54e330a5bcf3053b5 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11052013_105348.txt >>
RKreport[0]_S_11052013_105252.txt



#4 karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts

Posted 05 November 2013 - 03:26 PM

AdwCleaner report:

# AdwCleaner v3.011 - Report created 05/11/2013 at 11:00:28
# Updated 03/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Drama Llama - TOSHIBA
# Running from : C:\Users\Drama Llama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB12O9OE\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

*************************

AdwCleaner[R0].txt - [587 octets] - [05/11/2013 11:00:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [646 octets] ##########



#5 karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts

Posted 05 November 2013 - 03:28 PM


JRT report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows ™ Vista Home Premium x64
Ran by Drama Llama on Tue 11/05/2013 at 11:47:27.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/05/2013 at 11:54:31.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts

Posted 05 November 2013 - 03:30 PM

Combofix report:

ComboFix 13-11-04.01 - Drama Llama 11/05/2013  12:05:05.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2550.1083 [GMT -8:00]
Running from: c:\users\Drama Llama\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1382807440.bdinstall.bin
c:\programdata\1382825832.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-05 to 2013-11-05  )))))))))))))))))))))))))))))))
.
.
2013-11-05 20:14 . 2013-11-05 20:14 -------- d-----w- c:\users\Drama Llama\AppData\Local\temp
2013-11-05 20:14 . 2013-11-05 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 19:00 . 2013-11-05 19:03 -------- d-----w- C:\AdwCleaner
2013-11-05 18:41 . 2013-11-05 18:50 -------- d-----w- c:\windows\system32\catroot2
2013-11-05 18:26 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B66509A-66D7-4347-BE92-8B35C083E01E}\mpengine.dll
2013-10-31 02:47 . 2013-11-05 18:11 -------- d-----w- c:\windows\system32\wbem\repository
2013-10-31 01:53 . 2013-10-31 01:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-10-30 00:59 . 2013-10-30 00:59 -------- d-----w- c:\program files (x86)\ESET
2013-10-27 20:39 . 2013-10-27 20:39 -------- d-----w- c:\program files (x86)\Windows Live
2013-10-26 22:19 . 2013-10-26 22:26 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\Bitdefender
2013-10-26 22:18 . 2013-08-13 20:38 3271472 ---ha-w- C:\bdr-bz02
2013-10-26 22:18 . 2013-10-26 22:58 389240 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-10-26 22:18 . 2013-10-26 22:58 150256 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-10-26 17:13 . 2013-08-13 20:38 3271472 ---ha-w- C:\bdr-bz01
2013-10-26 09:09 . 2013-10-26 09:09 -------- d-----w- C:\$RECYCLE(2).BIN
2013-10-25 19:14 . 2013-10-25 19:14 -------- d-----w- C:\_OTL
2013-10-24 15:58 . 2013-10-31 02:45 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-10-24 15:37 . 2013-10-31 02:58 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-10-22 19:04 . 2013-10-22 19:04 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\Malwarebytes
2013-10-22 03:33 . 2013-10-22 03:33 -------- d-----w- c:\windows\ERUNT
2013-10-22 01:33 . 2013-10-22 01:33 -------- d-----w- c:\programdata\Malwarebytes
2013-10-22 01:33 . 2013-10-26 08:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-21 20:19 . 2013-10-21 20:19 -------- d-----w- C:\FRST
2013-10-17 00:59 . 2013-10-17 00:59 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\Absolute Uninstaller
2013-10-17 00:44 . 2013-10-18 03:51 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\GlarySoft
2013-10-17 00:10 . 2013-10-17 00:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-17 00:10 . 2013-10-17 00:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-16 20:48 . 2013-10-16 20:48 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\SUPERAntiSpyware.com
2013-10-15 17:02 . 2013-10-17 00:15 -------- d-----w- c:\users\Drama Llama\AppData\Roaming\SlimCleaner
2013-10-12 21:08 . 2013-10-12 21:08 -------- d-----w- c:\users\Drama Llama\AppData\Local\SlimWare Utilities Inc
2013-10-12 21:08 . 2013-10-12 21:09 -------- d-----w- c:\program files (x86)\SlimCleaner
2013-10-11 21:41 . 2013-10-21 04:49 -------- d-----w- c:\program files (x86)\Google
2013-10-11 21:41 . 2013-10-16 23:54 -------- d-----w- c:\users\Drama Llama\AppData\Local\Google
2013-10-10 01:00 . 2013-08-29 07:48 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 01:00 . 2013-08-01 04:10 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 01:00 . 2013-08-01 03:37 47104 ----a-w- c:\windows\system32\cdd.dll
2013-10-10 00:58 . 2013-07-20 10:44 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:58 . 2013-07-20 10:45 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:58 . 2013-07-04 04:13 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 00:58 . 2013-07-04 04:21 532480 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 00:58 . 2013-06-26 23:00 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 00:58 . 2013-06-29 02:25 274944 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 00:58 . 2013-06-29 02:25 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 00:58 . 2013-06-29 02:25 259584 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 00:58 . 2013-06-29 02:25 7552 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 00:58 . 2011-05-05 14:17 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 00:58 . 2011-05-05 14:17 29184 ----a-w- c:\windows\system32\drivers\usbuhci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 02:44 . 2006-11-02 12:35 80541720 ----a-w- c:\windows\system32\mrt.exe
2013-09-28 06:20 . 2013-09-28 06:20 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-19 06:43 . 2013-08-29 22:36 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-09-12 21:05 . 2013-09-13 07:57 450616 ----a-w- c:\windows\system32\LavasoftProxy64.dll
2013-09-12 20:58 . 2013-09-13 07:57 357432 ----a-w- c:\windows\SysWow64\LavasoftProxy.dll
2013-09-11 02:39 . 2013-09-11 02:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 02:39 . 2012-08-27 19:54 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-11 02:39 . 2011-12-02 20:59 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-03 21:35 . 2010-02-02 16:24 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-28 20:21 . 2013-08-28 20:20 27136 ----a-w- c:\windows\system32\bddel.exe
2013-08-14 17:12 . 2013-08-14 17:12 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-30 564256]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-10-30 621448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-30 564256]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-30 1004608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-10-30 621448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17 00:10]
.
2013-10-13 c:\windows\Tasks\SlimCleaner Run.job
- c:\program files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10 16:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 22:59 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 22:59 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 22:59 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 22:59 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-10-30 1738968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-11-05  12:19:37
ComboFix-quarantined-files.txt  2013-11-05 20:19
ComboFix2.txt  2013-10-26 09:09
.
Pre-Run: 100,090,376,192 bytes free
Post-Run: 100,004,761,600 bytes free
.
- - End Of File - - 4981FDF8E930D85A77E038CBC23A5DD3
5B5E648D12FCADC244C1EC30318E1EB9
 



#7 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:04 PM

Posted 05 November 2013 - 03:42 PM

One of the problems I see is that when I go to log into my yahoo email account I am seeing www.hsrd.yahoo in the bottom address window. I have tried resetting my internet settings. I am not sure what this is. I also do not know how to fix it. I do have a photo if you need it. I don't feel safe checking my email and/or sending email. My bank debit account has already been compromised once and I don't feel safe doing anything as far as personal information goes. It seems as though I am being redirected.

 

I also have an online Etsy account from which I sell and I am unable to even sign into my account.

 

I have noticed when I do a Bitdefender scan it shows there are files that are locked.

 

Thank you for all of your help. It is appreciated.

 

Karen



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:04 PM

Posted 06 November 2013 - 09:05 AM


There is nothing wrong with hsrd.yahoo.com I just tried it and it gives me http://ca.yahoo.com/?p=us
Yours may be different.

If you only want Yahoo.com then follow this directive.

http://answers.microsoft.com/en-us/ie/forum/ie10-windows_8/yahoo-is-redirecting-re-hsrdyahoocom/90d2720e-3e09-47bc-baef-de3d17abb1d5
===

I also have an online Etsy account from which I sell and I am unable to even sign into my account.

Delete all the Cookies associated with that site.

Open Internet Explorer > Menu > Internet Options > General tab
Under Browser History select Delete button > History Tab
Select Temporary Internet files and Cookies
Click the Delete button.
Restart the computer normally.

Can you reach Etsy?
===

Let me know what problem persists.

#9 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:04 PM

Posted 07 November 2013 - 02:34 AM

Hi,

Thank you for getting back to me. I was wondering if you were able to find any information on the reports that you asked me to post? I was able to sign into my Etsy account. It was due to IE9 settings.

 

 

I am only making reference to hsrd.yahoo because this is the only visual description that I can give that is different. Until I blocked it, I would also get www.yimg.com and a few others. I also have been seeing about:blank and sometimes the page won't load. Also about:tabs. I apologize, I am not that computer literate. I can only describe it as a fake version of Internet Explorer. Items do not line up on the page/page does not fully load/the information on the page is over-lapping etc. ....

I don't know if it has anything to do with it but I have quite a few antivirus/malware programs/trials on this computer, including Comodo Firewall and geekbuddy.

 

I purchased a new computer in July of this year (windows 8) and it has the same problems.

 

 

While I was typing this I decided to look in the registry and I think I found the problem. Here is what I believe to be a big part: (I just copied the key name)

This is just a few that I copied so you could see. There are hundreds under zonemap.

 

I did come across more/see posts after zonemap.

 

Thanks again for your help.

 

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mzdsoftware.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\myadultexplorer.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\browser-control.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\antivirus-hq.net

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\antispyware-2008.info

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\advancedcleaner.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adobe-9.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\antimalwareguard.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adware-download.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

 

 

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ime

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Web Service Providers

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

HKEY_CURRENT_USER\Software\JEDI-VCL

HKEY_CURRENT_USER\Software\Classes

HKEY_CURRENT_USER\Software\Classes\*

HKEY_CURRENT_USER\Software\Classes\.F19BA38CEE75F04D2658

HKEY_CURRENT_USER\Software\Classes\Software

HKEY_CURRENT_USER\Software\Classes\Wow6432Node

HKEY_LOCAL_MACHINE\COMPONENTS\Winners

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\msil_microsoft.backgroun..anagement.resources_31bf3856ad364e35_en-us_207a4ce9136cf8e0

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\msil_iiehost_b03f5f7f11d50a3a_none_972a794106a6d712

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\amd64_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_none_d6e9e86c6e764c6f

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\amd64_cxfalcon_ibv64.inf.resources_31bf3856ad364e35_en-us_effe168f9abcbaf3

HKEY_LOCAL_MACHINE\SAM

HKEY_USERS

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wow64ProxyAgent

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures         -         norton security and google update tool

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree   -   AVG, google update, microsoft antimalware,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton 360

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{3204CE6C-4134-4807-A77A-72E4137F4D81}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3990693864-1508302122-2185680450-1001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\iissvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\FirewallAPI\FirewallAPI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\GAPA\GAPA_ENG

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\LiveMesh\Global

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NCDTrace\UmBusDriver\CtlGuid    -   fatal warning trace verbose

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Windows\TextInputServices\CCIME

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Windows\TextInputServices\CCIME\ConfigMgr\CtlGuid

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices\USB#VID_040A&PID_058A#C31072222528

HKEY_CURRENT_CONFIG\System\CurrentControlSet\Control\Print\Printers   -     canon mx510, lexmark 5400, HP deskjet 4200

HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\IDE

HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\IDE\CDROMHL-DT-ST_DVDRAM_GSA-T40N________________JT02____



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:04 PM

Posted 07 November 2013 - 09:24 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

Let's reset your ZoneMaps also.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
 

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

Restart the computer normally.

How is it now?
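The keys Karen pasted in post #9 live under IE's ZoneMap, which maps host names to IE security zones (0 My Computer, 1 Local Intranet, 2 Trusted Sites, 3 Internet, 4 Restricted Sites); adware and rogue "security" installers commonly drop their own domains there so the browser treats them as trusted. The fixme.reg in post #10 wipes those containers without showing what was in them. The script below is an added example, not code from the thread or from BleepingComputer: it exports the ZoneMap keys to .reg backups on the Desktop and then lists every mapped host with its zone, so the suspicious entries can be reviewed before (and confirmed gone after) the reset. It assumes Windows PowerShell on the affected machine, run from an elevated prompt so the HKLM keys and reg.exe export work; the function names Get-ZoneMapEntries and Backup-ZoneMap are my own.

```powershell
# Added example (not from the thread): back up and audit IE ZoneMap entries
# before clearing them with a fixme.reg-style reset.
# Assumes Windows PowerShell in an elevated session (needed for HKLM and reg.exe export).

# Zone numbers Internet Explorer stores as the DWORD data of each ZoneMap value.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

# The containers the reset deletes and recreates (HKCU\...\Ranges is IP ranges, not hosts, so it is skipped here).
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
)

function Backup-ZoneMap {
    # Exports each hive's whole ZoneMap key to a timestamped .reg file and returns the file names.
    param([string]$Folder = [Environment]::GetFolderPath('Desktop'))
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($hive in 'HKCU', 'HKLM') {
        $keyPath = "$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
        $file = Join-Path -Path $Folder -ChildPath "zonemap-$hive-$stamp.reg"
        & reg.exe export $keyPath $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Export of $keyPath failed" } else { $file }
    }
}

function Get-ZoneMapEntries {
    # A subkey is a domain (example.com); an optional sub-subkey is a host label (www);
    # each value is a scheme (http, https, *) whose data is the zone number.
    foreach ($root in $ZoneMapRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            $relative = $key.Name.Substring($key.Name.IndexOf('ZoneMap\') + 8)
            $parts = $relative -split '\\'            # e.g. Domains, example.com[, www]
            $hostName = if ($parts.Length -gt 2) { "$($parts[2]).$($parts[1])" } else { $parts[1] }
            foreach ($scheme in $key.GetValueNames()) {
                $zone = $key.GetValue($scheme) -as [int]
                [pscustomobject]@{
                    Hive      = $root.Substring(0, 4)  # HKCU or HKLM
                    Container = $parts[0]              # Domains or EscDomains
                    Host      = $hostName
                    Scheme    = $scheme
                    Zone      = $zone
                    ZoneName  = if ($null -ne $zone -and $ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { 'Unknown' }
                }
            }
        }
    }
}

# Usage: back up first, then review. Hosts in Trusted Sites (zone 2) that you never
# added yourself are the ones to look at; on a home PC the EscDomains entries are
# almost always written by installed software rather than by the user.
$backups = Backup-ZoneMap
$entries = Get-ZoneMapEntries
$entries | Sort-Object Zone, Host | Format-Table Hive, Container, Host, Scheme, ZoneName -AutoSize
$entries | Where-Object { $_.Zone -eq 2 } | Select-Object Hive, Container, Host, Scheme | Format-Table -AutoSize
"Backups written: $($backups -join ', ')"
```

Run it once before merging fixme.reg to get the backup and the list, and once after the restart: the second run should return no entries at all from the four containers. If a legitimate site you had placed in Trusted Sites yourself shows up in the first listing, re-add it through Internet Options rather than restoring the backup, which would bring the unwanted entries back as well.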



