Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

6313.com has made itself my homepage, can't get rid of it

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

6313.com has made itself my homepage, can't get rid of it

Unread postby bramwell40 » August 31st, 2010, 9:21 pm

This website has become my homepage and I just cant get rid of it. I have run Malwarebytes, and Spybot SandD but to no avail.

My uninstall list:
Sansa Media Converter
10 Days To Save The World
3DMark06
4PLAY 5.0
4PLAY60
4PLAY60
AC3Filter (remove only)
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Premiere Elements 2.0
Adobe Reader 8.2.4
Airport Mania
Amazon Unbox Video
Angela Young 2 - Escape the Dreamscape
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ashampoo StartUp Tuner 2.00
Assassin's Creed
Atmosphere Lite Plus v6.0
Auction Sentry Deluxe
Audible Download Manager
AudibleManager
avast! Free Antivirus
Awakening: The Dreamless Castle
Barnes & Noble Desktop Reader
Batman: Arkham Asylum Demo
Battlefield Bad Company 2 - BETA
Beyond Good and Evil
Bible Explorer 4 Download Edition
Bible Explorer 4 Download Edition
Big Fish Games: Game Manager
Bing Maps 3D
BioShock
BitLord 1.1
BLOCKBUSTER Movielink
Blue Squirrel ClickBook 10
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
CD Label Designer 3.6
CDBurnerXP
CDDRV_Installer
Celestia 1.6.0
Cleanse Uninstaller Pro 5
ClearView
Codec Checker
Combat Arms
Combined Community Codec Pack 2008-09-21 16:18
Daniusoft Video to Creative Zen Converter(Build 1.3.35)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Web Player
Dogfighter Demo
Download Manager 2.3.10
DVD Decrypter (Remove Only)
DVD-Cover Printmaster 1.2
E.M. DVD Copy 2.20
Easy Backup Wizard
EAX Unified
EPSON Print CD
EPSON Printer Software
Epson Printer Study
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
EPSON Web-To-Page
EVEREST Home Edition v2.20
exPressit S.E. 2.2
F.E.A.R. 2: Project Origin
FarCry 2
FaxRedist
ffdshow [rev 3154] [2009-12-09]
File, Print FedEx Kinko's
FLV Player 2.0 (build 25)
FOX DMI
FOX LiveUpdate
FOX LOGO
FOX ONE
Frets On Fire
Futuremark SystemInfo
GameSpy Comrade
GameTap
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GEAR driver installer for x86 and x64
GetFLV Pro 8.8.48
Ghost Recon
Ghost Recon: Island Thunder
GPL Ghostscript 8.64
Greeting Card Builder Full
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HDD Regenerator
Hidden World of Art 2
HiJackThis
HLSW v1.2.1.2
Hollywood - The Director's Cut
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Insurgency ( Remove only)
Interpol 2 - Most Wanted
IrfanView (remove only)
IsoBuster 2.8
iTunes
Jahshaka
James Patterson's Women's Murder Club: Twice in a Blue Moon
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalInstallWrapper
K-Lite Mega Codec Pack 4.9.0
Left 4 Dead
LEGO® Batman™
Leisure Suit Larry - Magna Cum Laude
LeKuSoft DVD Ripper 5.2
Liquid Story Binder XE 2.91
Logitech Gaming Software 5.02
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Logitech Vid
Logitech Webcam Software
Machinarium
Machinarium
Macrium Reflect
Macromedia Shockwave Player
Magic Encyclopedia 3 Free Trial
Malwarebytes' Anti-Malware
Margrave Manor 2 - The Lost Ship
Masters of Mystery - Blood of Betrayal
Max-Bid-Timer v2.11
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Expression Web 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Mirror's Edge
Mortimer Beckett and the Secrets of Spooky Manor
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4
MultiStage Recovery 3.6
NBC Direct Beta
NCH Toolbox
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
ooVoo
OpenAL
OpenLibraries
OpenOffice.org 3.2
Paint.NET 3.8
Peggle Extreme
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PhysicsTutor Excalibur
PingPlotter Standard 3.20.1s
PixiePack Codec Pack
PlayFLV
Portal
Prince of Persia: The Sands of Time
PrintMaster
PrintMaster Express
Prism Video Converter
Psychonauts
PunkBuster Services
Puzzle Hero 1.1.1
PVSonyDll
QuickTime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Recover Keys
Revo Uninstaller 1.85
Sam & Max 302: The Tomb of Sammun-Mak
Sam and Max - Season One - Sam and Max Episode 101 - Culture Shock
Sam and Max - Season One - Sam and Max Episode 102 - Situation: Comedy
Sam and Max - Season One - Sam and Max Episode 103 - The Mole, The Mob, and the Meatball
Sam and Max - Season One - Sam and Max Episode 104 - Abe Lincoln Must Die!
Sam and Max - Season One - Sam and Max Episode 105 - Reality 2.0
Sauerbraten
Scribus 1.3.5svn
Serious Sam HD: The Second Encounter
Shockwave
Sibelius Scorch (ActiveX Only)
Sibelius Scorch (ActiveX Only)
Silent Hunter III
SiN Episodes: Emergence
Skype Toolbars
Skype™ Beta 5.0
Smart Diary Suite 4
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Solitaire Epic
Sothink FLV Player
Sothink Web Video Downloader
Sound Editor Deluxe v3.9
SoundTaxi Media Suite 3.9.9
Source SDK Base
Spybot - Search & Destroy
Steam
Stellarium 0.9.1
Streaming Video Recorder V2.0.5
Sunset Studio Deluxe
System Requirements Lab
TBS WMP Plug-in
Team Fortress 2
The Conjurer
The Conjurer
The Experiment
The Longest Journey
The Path 1.01
The Time Machine - Trapped in Time
The Word
Tom Clancy's Splinter Cell
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell: Chaos Theory
Tom Clancy's Splinter Cell: Double Agent
Tomb Raider: Anniversary
Tunebite
Tunebite
UBCD4Win 3.50
Ubisoft Game Launcher
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Network Driver
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Veoh Video Compass
Veoh Web Player
VideoReDo TVSuite Version 3.1.5.564
VLC media player 1.1.3
WinAce Archiver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
winpcap-nmap 4.02
WinRAR archiver
WinX DVD Author 5.5
WinX DVD Ripper Platinum 5.1.1
Wise Disk Cleaner 3 Professional V3.2
Wise Registry Cleaner 3 Professional V3.2
Wondershare DVD Ripper Platinum(Build 4.2.0.16)
Wondershare FLV Downloader Pro(Build 1.4.1.16)
Wondershare Media Converter(Build 1.0.0.16)
Wondershare Movie Story GAOTD Edition 4.5.0
Xvid 1.2.2 final uninstall
Z Engine
ZEN Vision W Media Explorer
Zoner Photo Studio 10

My Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:34 PM, on 8/31/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Steam\steam.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Display] C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://webgames.d.tmsrv.com/c=1f7b75231 ... .0.0.8.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://chill.comcast.net/AspNet2.0/App/ ... 0.0.10.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/Game ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: EPCRMON - Unknown owner - C:\Program Files\epson\epcrmon\epcrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Antivirus WebShield Service - Kingsoft Corporation - C:\ProgramData\kingsoft\kws2\KSWebShield.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-authd.exe (file missing)
O23 - Service: VMware Registration Service (vmserverdWin32) - Unknown owner - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (file missing)

--
End of file - 12589 bytes


I appreciate any time that you might be able to spend to tell me what is wrong and how to get rid of this home page problem. At the moment, it does not hijack me anywhere else. It just won't let me set my own homepage.

Thanks

Dave
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm
Advertisement
Register to Remove

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 3rd, 2010, 3:23 pm

Hi bramwell40,
-----------------------------------------------------------
There are some Issues with infections in relation to PunkBuster:
Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P program BitLord 1.1 in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 8.2.4
BitLord 1.1
Codec Checker
Download Manager 2.3.10
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine one more time.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.33 are vulnerable.
Go HERE and click on AdbeRdr933_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis (double-click in XP, or right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 3rd, 2010, 6:01 pm

Thank you for your reply.

Maybe I should explain what happened to get me where I am. My daughter just came home from China. While there she picked up a game from one of the local stores called "East Front". I installed the game which refused to run on my machine so I uninstalled it. However, I then noticed that I had a new home page. It was after this that I looked at the package and saw that it was put out by the pirate bay. It is sold in regular stores in China, but apparently it is pirated software.

so anyway, here are the logs you asked for:

uninstalled list:


Sansa Media Converter
10 Days To Save The World
3DMark06
4PLAY 5.0
4PLAY60
4PLAY60
AC3Filter (remove only)
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Premiere Elements 2.0
Adobe Reader 9.3.3
Airport Mania
Amazon Unbox Video
Angela Young 2 - Escape the Dreamscape
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ashampoo StartUp Tuner 2.00
Assassin's Creed
Atmosphere Lite Plus v6.0
Auction Sentry Deluxe
Audible Download Manager
AudibleManager
avast! Free Antivirus
Awakening: The Dreamless Castle
Barnes & Noble Desktop Reader
Batman: Arkham Asylum Demo
Battlefield Bad Company 2 - BETA
Beyond Good and Evil
Bible Explorer 4 Download Edition
Bible Explorer 4 Download Edition
Big Fish Games: Game Manager
Bing Maps 3D
BioShock
BLOCKBUSTER Movielink
Blue Squirrel ClickBook 10
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
CD Label Designer 3.6
CDBurnerXP
CDDRV_Installer
Celestia 1.6.0
Cleanse Uninstaller Pro 5
ClearView
Combat Arms
Combined Community Codec Pack 2008-09-21 16:18
Daniusoft Video to Creative Zen Converter(Build 1.3.35)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Web Player
Dogfighter Demo
DVD Decrypter (Remove Only)
DVD-Cover Printmaster 1.2
E.M. DVD Copy 2.20
Easy Backup Wizard
EAX Unified
EPSON Print CD
EPSON Printer Software
Epson Printer Study
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
EPSON Web-To-Page
EVEREST Home Edition v2.20
exPressit S.E. 2.2
F.E.A.R. 2: Project Origin
FarCry 2
FaxRedist
ffdshow [rev 3154] [2009-12-09]
File, Print FedEx Kinko's
FLV Player 2.0 (build 25)
FOX DMI
FOX LiveUpdate
FOX LOGO
FOX ONE
Frets On Fire
Futuremark SystemInfo
GameSpy Comrade
GameTap
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GEAR driver installer for x86 and x64
GetFLV Pro 8.8.48
Ghost Recon
Ghost Recon: Island Thunder
GPL Ghostscript 8.64
Greeting Card Builder Full
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HDD Regenerator
Hidden World of Art 2
HiJackThis
HLSW v1.2.1.2
Hollywood - The Director's Cut
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Insurgency ( Remove only)
Interpol 2 - Most Wanted
IrfanView (remove only)
IsoBuster 2.8
iTunes
Jahshaka
James Patterson's Women's Murder Club: Twice in a Blue Moon
Java(TM) 6 Update 21
KhalInstallWrapper
K-Lite Mega Codec Pack 4.9.0
Left 4 Dead
LEGO® Batman™
Leisure Suit Larry - Magna Cum Laude
LeKuSoft DVD Ripper 5.2
Liquid Story Binder XE 2.91
Logitech Gaming Software 5.02
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Logitech Vid
Logitech Webcam Software
Machinarium
Machinarium
Macrium Reflect
Macromedia Shockwave Player
Magic Encyclopedia 3 Free Trial
Malwarebytes' Anti-Malware
Margrave Manor 2 - The Lost Ship
Masters of Mystery - Blood of Betrayal
Max-Bid-Timer v2.11
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Expression Web 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Mirror's Edge
Mortimer Beckett and the Secrets of Spooky Manor
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4
MultiStage Recovery 3.6
NBC Direct Beta
NCH Toolbox
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
ooVoo
OpenAL
OpenLibraries
OpenOffice.org 3.2
Paint.NET 3.8
Peggle Extreme
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PhysicsTutor Excalibur
PingPlotter Standard 3.20.1s
PixiePack Codec Pack
PlayFLV
Portal
Prince of Persia: The Sands of Time
PrintMaster
PrintMaster Express
Prism Video Converter
Psychonauts
PunkBuster Services
Puzzle Hero 1.1.1
PVSonyDll
QuickTime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Recover Keys
Revo Uninstaller 1.85
Sam & Max 302: The Tomb of Sammun-Mak
Sam and Max - Season One - Sam and Max Episode 101 - Culture Shock
Sam and Max - Season One - Sam and Max Episode 102 - Situation: Comedy
Sam and Max - Season One - Sam and Max Episode 103 - The Mole, The Mob, and the Meatball
Sam and Max - Season One - Sam and Max Episode 104 - Abe Lincoln Must Die!
Sam and Max - Season One - Sam and Max Episode 105 - Reality 2.0
Sauerbraten
Scribus 1.3.5svn
Serious Sam HD: The Second Encounter
Shockwave
Sibelius Scorch (ActiveX Only)
Sibelius Scorch (ActiveX Only)
Silent Hunter III
SiN Episodes: Emergence
Skype Toolbars
Skype™ Beta 5.0
Smart Diary Suite 4
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Solitaire Epic
Sothink FLV Player
Sothink Web Video Downloader
Sound Editor Deluxe v3.9
SoundTaxi Media Suite 3.9.9
Source SDK Base
Steam
Stellarium 0.9.1
Streaming Video Recorder V2.0.5
Sunset Studio Deluxe
System Requirements Lab
TBS WMP Plug-in
Team Fortress 2
The Conjurer
The Conjurer
The Experiment
The Longest Journey
The Path 1.01
The Time Machine - Trapped in Time
The Word
Tom Clancy's Splinter Cell
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell: Chaos Theory
Tom Clancy's Splinter Cell: Double Agent
Tomb Raider: Anniversary
Tunebite
Tunebite
UBCD4Win 3.50
Ubisoft Game Launcher
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Network Driver
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Veoh Video Compass
Veoh Web Player
VideoReDo TVSuite Version 3.1.5.564
VLC media player 1.1.3
WinAce Archiver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
winpcap-nmap 4.02
WinRAR archiver
WinX DVD Author 5.5
WinX DVD Ripper Platinum 5.1.1
Wise Disk Cleaner 3 Professional V3.2
Wise Registry Cleaner 3 Professional V3.2
Wondershare DVD Ripper Platinum(Build 4.2.0.16)
Wondershare FLV Downloader Pro(Build 1.4.1.16)
Wondershare Media Converter(Build 1.0.0.16)
Wondershare Movie Story GAOTD Edition 4.5.0
Xvid 1.2.2 final uninstall
Z Engine
ZEN Vision W Media Explorer
Zoner Photo Studio 10

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:52:22 PM, on 9/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Steam\steam.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Display] C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://webgames.d.tmsrv.com/c=1f7b75231 ... .0.0.8.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://chill.comcast.net/AspNet2.0/App/ ... 0.0.10.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/Game ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: EPCRMON - Unknown owner - C:\Program Files\epson\epcrmon\epcrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Antivirus WebShield Service - Kingsoft Corporation - C:\ProgramData\kingsoft\kws2\KSWebShield.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\Program Files\Movielink\MovielinkManager\MovielinkCore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-authd.exe (file missing)
O23 - Service: VMware Registration Service (vmserverdWin32) - Unknown owner - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (file missing)

--
End of file - 11352 bytes


After following the other instructions, I still have 6313.com as my homepage. Thanks again.

Dave
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 3rd, 2010, 7:46 pm

bramwell40,
Most pirated software contains trojans, to ultimately steal money from you.
These people would be prosecuted in the U.S.
if you have already done what I asked, please proceed:
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • XP : Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • VISTA/Win7: Right click the .exe file and chose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below
      Image
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.
------------------------------------------------------------
Let's check whether you have any other leftover infected files or settings.
This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the log from Gmer and the report from the Kaspersky scan.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 3rd, 2010, 9:51 pm

Okay, I have done each step as you requested.
However, I tried running the GMER program from my desktop. I ran it in administrative mode in Windows Vista.
I unchecked each of the boxes that you said to do. However, the scan gets to Devices\HarddiskVolumeShadowCopy either 3 or 4 and then stops, saying that it has stopped running in Windows.
Any ideas? I have stopped all other programs from running, etc. Still stops.

Thanks
Dave
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 4th, 2010, 6:34 am

bramwell40,
Please try again to run Gmer followed by the Kaspersky scan.
Only this time please run this Rkill program FIRST.
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill. (Right-click and "Run as administrator" in Vista/Win7).
  • A command window will open, then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue. If you cannot get one of the downloads to work for you, try one of the other links.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
------------------------------------------------
If Gmer still stops/refuses to run, shut it down and proceed with the Kaspersky scan.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 4th, 2010, 2:11 pm

Okay, next round...

I can get rkill to run with no problem. However, after running it, GMER still will stop when it gets to the device\harddisk volumeshadowcopy section. it then errors out.

Also, I tried to run Kaspersky's all night. It ran for about 5 hours and then just stopped and went no further. I have tried to run it many times, but it still just stops.

Thanks

Dave
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 4th, 2010, 3:18 pm

Right-Click RKill on your desktop and run it.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVAST
    Right click on the avast! icon in system tray (looks like this: Image) and choose (Stop On-Access Protection)
    Avast On-Access Protection is now disabled.
  • Now double click to start ComboFix (zzz.exe) Give permission when prompted by the UAC.
  • Do not touch the computer AT ALL while ComboFix is running, or it may stall.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 4th, 2010, 5:44 pm

Okay. Thanks again for all the help. Here is the combofix log.

omboFix 10-09-03.02 - Dave 09/04/2010 16:59:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1251 [GMT -4:00]
Running from: c:\users\Dave\Desktop\zzz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\kingsoft\kws\kws.ini
c:\users\Dave\AppData\Local\1633618601.dll
c:\users\Dave\AppData\Roaming\inst.exe
c:\users\Public\noisereduction20c.exe
c:\windows\system32\%appdata%
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-01 00:27 . 2010-09-01 00:27 -------- d-----w- c:\program files\Trend Micro
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- C:\game
2010-08-31 20:22 . 2010-08-31 20:35 -------- d-----w- c:\programdata\kingsoft
2010-08-24 21:57 . 2010-08-31 19:38 -------- d-----w- c:\users\Dave\AppData\Roaming\vlc
2010-08-22 14:16 . 2010-08-22 14:16 -------- d-----w- c:\users\Dave\AppData\Roaming\Juniper Networks
2010-08-21 16:45 . 2010-08-21 16:45 -------- d-----w- c:\program files\QuickTime
2010-08-20 23:52 . 2010-08-20 23:52 -------- d-----w- c:\users\Dave\AppData\Local\Logitech
2010-08-19 21:54 . 2010-08-19 21:54 -------- d-----w- c:\program files\Smart Diary Suite 4
2010-08-18 00:14 . 2010-08-18 00:14 -------- d-----w- c:\users\Dave\AppData\Local\DogFighter
2010-08-10 21:23 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-10 21:23 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-10 21:23 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 21:23 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 21:23 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-10 21:23 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-06 21:04 . 2010-08-06 21:04 -------- d-----w- c:\program files\Machinarium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 21:23 . 2009-06-18 03:00 52592 ----a-w- c:\programdata\nvModes.dat
2010-09-04 21:22 . 2008-09-05 18:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-04 20:36 . 2008-09-05 19:02 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-09-04 20:04 . 2008-09-05 19:04 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-09-04 18:04 . 2008-02-23 06:50 -------- d-----w- c:\program files\Steam
2010-09-04 12:26 . 2008-02-22 22:27 1356 ----a-w- c:\users\Dave\AppData\Local\d3d9caps.dat
2010-09-03 21:47 . 2008-02-25 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-03 21:29 . 2008-03-05 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 21:26 . 2008-03-05 23:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Java
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Common Files\Java
2010-09-03 20:55 . 2008-04-19 21:32 -------- d-----w- c:\program files\BitLord
2010-08-31 19:42 . 2008-07-29 23:16 -------- d-----w- c:\users\Dave\AppData\Roaming\dvdcss
2010-08-30 21:32 . 2009-06-12 02:28 -------- d-----w- c:\users\Dave\AppData\Roaming\GARMIN
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Logitech
2010-08-15 02:03 . 2009-06-05 12:29 -------- d-----w- c:\programdata\Ubisoft
2010-08-10 23:25 . 2009-08-29 20:04 -------- d-----w- c:\program files\Movie Maker 2.6
2010-08-10 23:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 01:12 . 2008-07-03 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 00:52 . 2008-02-22 22:27 141224 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-31 00:48 . 2008-12-30 19:41 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-29 18:01 . 2010-07-29 18:01 -------- d-----w- c:\program files\Auction Sentry Deluxe
2010-07-27 15:59 . 2010-07-27 15:59 -------- d-----w- c:\program files\AC3Filter
2010-07-24 21:03 . 2010-07-24 21:02 -------- d-----w- c:\program files\iTunes
2010-07-24 21:02 . 2010-07-24 21:02 -------- d-----w- c:\program files\iPod
2010-07-24 21:02 . 2008-04-11 22:14 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 00:34 . 2008-02-23 22:37 -------- d-----w- c:\program files\DivX
2010-07-19 01:49 . 2010-07-19 01:49 -------- d-----w- c:\program files\Smart Projects
2010-07-18 21:13 . 2010-04-20 23:37 -------- d-----w- c:\programdata\DivX
2010-07-17 09:00 . 2010-04-17 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 04:12 . 2008-02-23 22:58 -------- d-----w- c:\users\Dave\AppData\Roaming\DivX
2010-06-28 20:57 . 2010-07-02 21:55 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-23 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-23 00:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 01:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-23 00:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-23 00:52 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-04-06 01:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-10 21:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 21:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-10 21:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-10 21:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-10 21:24 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 21:24 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-10 21:24 274944 ----a-w- c:\windows\system32\schannel.dll
2008-02-23 20:00 . 2008-02-23 20:00 905 ----a-w- c:\program files\uninstal.log
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-13 57344]
"AsioReg"="CTASIO.DLL" [2007-04-09 79872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2007-04-09 17:22 79872 ----a-w- c:\windows\System32\ctasio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 15:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 17:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epcrmon]
2008-04-17 21:13 493032 ----a-w- c:\program files\epson\epcrmon\epcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 10:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2008-12-09 22:19 455112 ----a-w- c:\program files\Movielink\MovielinkManager\Movielink User.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-04 23:24 81920 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-24 23:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):0b,ad,62,ae,5d,f4,c9,01

R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EPCRMON;EPCRMON;c:\program files\epson\epcrmon\epcrsvc.exe [2008-04-17 173360]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [x]
R3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;c:\users\Dave\AppData\Local\Temp\FoxDriver.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-07-15 23096]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-02-21 23096]
R3 DrmRVideo;DrmRVideo;c:\windows\system32\DRIVERS\DrmRVideo.sys [2008-10-24 3768]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-02-21 3768]
R3 FXDRV;FXDRV;E:\Fxdrv.sys [x]
R3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 23872]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-08-08 41272]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2008-08-08 43192]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-08-08 40856]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-05-28 23096]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2010-03-19 344064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-02 721904]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\programdata\kingsoft\kws2\KSWebShield.exe [2010-04-06 202136]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-06-02 216032]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-03 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{F9151E6A-1E9C-43F0-B78D-A00286ED1D03}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://webgames.d.tmsrv.com/c=1f7b75231 ... .0.0.8.cab
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ofzurw0x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Dave\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-USB Gamepad - c:\windows\USB Vibration\dr100&110\USB Gamepad.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Episode 103 - The Mole, The Mob, and the Meatball - c:\program files\Telltale Games\Sam and Max - Season One\Uninstall Episode 103 - The Mole
AddRemove-The Longest Journey - c:\windows\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 17:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,36,f6,4b,25,8a,be,4c,9a,65,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,36,f6,4b,25,8a,be,4c,9a,65,61,\

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,d6,7b,7f,d1,1e,f1,18,d8,5b,a2,c5,ec,99,19,42,61,86,4d,01,ab,4a,40,
40,59,97,af,2a,e2,b1,f8,eb,42,47,36,51,6b,1e,44,fc,75,25,53,51,0c,0d,d6,34,\
"??"=hex:96,ed,73,73,29,95,96,f5,27,53,7c,2a,14,24,75,30

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,1a,09,04,ee,1f,2d,e4,13,82,7f,3a,ad,e7,bf,34,02,03,73,a3,ec,
6e,e9,e1,d9,54,ee,07,12,44,32,15,17,4b,32,ee,29,74,ae,26,56,08,67,cf,54,92,\
"rkeysecu"=hex:d6,f5,6f,eb,68,13,e1,76,67,79,c6,c1,da,63,7e,7d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2988)
c:\programdata\kingsoft\kws2\kwsui.dll
c:\programdata\kingsoft\kws2\kswebshield.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Movielink\MovielinkManager\MovielinkCore.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-09-04 17:40:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 21:40

Pre-Run: 81,092,395,008 bytes free
Post-Run: 81,272,356,864 bytes free

- - End Of File - - 70A6FCEF1E74DBA2A820AC2EAA0FE6CE
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 4th, 2010, 10:12 pm

bramwell40,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it, or right click and "Run as administrator" in Vista..
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :file
    C:\windows\system32\drivers\wdmaud.drv
    
    :filefind
    wdmaud.drv
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 4th, 2010, 11:26 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 23:19 on 04/09/2010 by Dave
Administrator - Elevation successful

========== file ==========

C:\windows\system32\drivers\wdmaud.drv - Unable to find/read file.

========== filefind ==========

Searching for "wdmaud.drv"
C:\Windows\System32\wdmaud.drv --a---- 167424 bytes [21:46 23/06/2009] [06:27 11/04/2009] 4DF066ECEE5A7B20BF8B39EF4D646600
C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6000.16386_none_48178a2ae8c70f33\wdmaud.drv --a---- 168448 bytes [09:03 02/11/2006] [09:44 02/11/2006] C3A87CA43956F2B8D0C3F567F129ABF3
C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6001.18000_none_4a4e4c26e5b22007\wdmaud.drv --a---- 166912 bytes [14:35 25/04/2008] [03:32 19/01/2008] 8A833F7BB5F15283E398EB82D7188C76
C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6002.18005_none_4c39c532e2d3eb53\wdmaud.drv --a---- 167424 bytes [21:46 23/06/2009] [06:27 11/04/2009] 4DF066ECEE5A7B20BF8B39EF4D646600

-= EOF =-
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 5th, 2010, 6:57 am

OK.
Please delete the file on your desktop named "SystemLook.txt". This is a copy of the results you just posted and we don't need it any more.
  • Double-click SystemLook.exe to run it, or right click and "Run as administrator" in Vista..
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :regfind
    6313.com
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop in a new version of SystemLook.txt
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 5th, 2010, 10:28 am

SystemLook 04.09.10 by jpshortstuff
Log created at 10:25 on 05/09/2010 by Dave
Administrator - Elevation successful

========== regfind ==========

Searching for "6313.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url15"="http://www.6313.com/"
[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url15"="http://www.6313.com/"

-= EOF =-
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby askey127 » September 6th, 2010, 8:26 am

bramwell40,
-------------------------------------------------------------
Run a registry correction with CF
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url15"=-
    [HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url15"=-
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe(zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
-------------------------------------------------------------
Find Registry Entries with SystemLook
Please delete the file on your desktop named "SystemLook.txt". This is a copy of the results you just posted and we don't need it any more.
  • Double-click SystemLook.exe to run it, or right click and "Run as administrator" in Vista..
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :regfind
    kwsui.dll
    kswebshield.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop in a new version of SystemLook.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 6313.com has made itself my homepage, can't get rid of i

Unread postby bramwell40 » September 6th, 2010, 11:18 am

ComboFix 10-09-03.02 - Dave 09/06/2010 10:38:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.955 [GMT -4:00]
Running from: c:\users\Dave\Desktop\zzz.exe
Command switches used :: c:\users\Dave\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\kingsoft\kws\kws.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 14:57 . 2010-09-06 14:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-06 14:57 . 2010-09-06 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-06 00:33 . 2010-09-06 00:34 -------- d-----w- c:\users\Dave\AppData\Local\pcsx2
2010-09-06 00:32 . 2010-09-06 00:32 -------- d-----w- C:\pcsx2beta
2010-09-05 19:58 . 2009-02-27 13:52 -------- d-----w- C:\Pcsx2
2010-09-05 19:56 . 2010-09-05 19:56 -------- d-----w- c:\program files\7-Zip
2010-09-04 21:40 . 2010-09-06 15:00 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-09-01 00:27 . 2010-09-01 00:27 -------- d-----w- c:\program files\Trend Micro
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- C:\game
2010-08-31 20:22 . 2010-08-31 20:35 -------- d-----w- c:\programdata\kingsoft
2010-08-24 21:57 . 2010-08-31 19:38 -------- d-----w- c:\users\Dave\AppData\Roaming\vlc
2010-08-22 14:16 . 2010-08-22 14:16 -------- d-----w- c:\users\Dave\AppData\Roaming\Juniper Networks
2010-08-21 16:45 . 2010-08-21 16:45 -------- d-----w- c:\program files\QuickTime
2010-08-20 23:52 . 2010-08-20 23:52 -------- d-----w- c:\users\Dave\AppData\Local\Logitech
2010-08-19 21:54 . 2010-08-19 21:54 -------- d-----w- c:\program files\Smart Diary Suite 4
2010-08-18 00:14 . 2010-08-18 00:14 -------- d-----w- c:\users\Dave\AppData\Local\DogFighter
2010-08-10 21:23 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-10 21:23 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-10 21:23 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 21:23 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 21:23 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-10 21:23 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:00 . 2009-06-18 03:00 52592 ----a-w- c:\programdata\nvModes.dat
2010-09-06 14:59 . 2008-09-05 18:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-06 14:57 . 2008-09-05 19:02 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-09-06 14:29 . 2008-02-23 06:50 -------- d-----w- c:\program files\Steam
2010-09-06 14:02 . 2008-09-05 19:04 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-09-05 19:27 . 2009-10-18 01:56 -------- d-----w- c:\program files\RealArcade
2010-09-04 12:26 . 2008-02-22 22:27 1356 ----a-w- c:\users\Dave\AppData\Local\d3d9caps.dat
2010-09-03 21:47 . 2008-02-25 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-03 21:29 . 2008-03-05 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 21:26 . 2008-03-05 23:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Java
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Common Files\Java
2010-09-03 20:55 . 2008-04-19 21:32 -------- d-----w- c:\program files\BitLord
2010-08-31 19:42 . 2008-07-29 23:16 -------- d-----w- c:\users\Dave\AppData\Roaming\dvdcss
2010-08-30 21:32 . 2009-06-12 02:28 -------- d-----w- c:\users\Dave\AppData\Roaming\GARMIN
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Logitech
2010-08-15 02:03 . 2009-06-05 12:29 -------- d-----w- c:\programdata\Ubisoft
2010-08-10 23:25 . 2009-08-29 20:04 -------- d-----w- c:\program files\Movie Maker 2.6
2010-08-10 23:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 01:12 . 2008-07-03 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 21:04 . 2010-08-06 21:04 -------- d-----w- c:\program files\Machinarium
2010-07-31 00:52 . 2008-02-22 22:27 141224 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-31 00:48 . 2008-12-30 19:41 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-29 18:01 . 2010-07-29 18:01 -------- d-----w- c:\program files\Auction Sentry Deluxe
2010-07-27 15:59 . 2010-07-27 15:59 -------- d-----w- c:\program files\AC3Filter
2010-07-24 21:03 . 2010-07-24 21:02 -------- d-----w- c:\program files\iTunes
2010-07-24 21:02 . 2010-07-24 21:02 -------- d-----w- c:\program files\iPod
2010-07-24 21:02 . 2008-04-11 22:14 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 00:34 . 2008-02-23 22:37 -------- d-----w- c:\program files\DivX
2010-07-19 01:49 . 2010-07-19 01:49 -------- d-----w- c:\program files\Smart Projects
2010-07-18 21:13 . 2010-04-20 23:37 -------- d-----w- c:\programdata\DivX
2010-07-17 09:00 . 2010-04-17 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 04:12 . 2008-02-23 22:58 -------- d-----w- c:\users\Dave\AppData\Roaming\DivX
2010-06-28 20:57 . 2010-07-02 21:55 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-23 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-23 00:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 01:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-23 00:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-23 00:52 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-04-06 01:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-10 21:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 21:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-10 21:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-10 21:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-10 21:24 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 21:24 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-10 21:24 274944 ----a-w- c:\windows\system32\schannel.dll
2008-02-23 20:00 . 2008-02-23 20:00 905 ----a-w- c:\program files\uninstal.log
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-13 57344]
"AsioReg"="CTASIO.DLL" [2007-04-09 79872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2007-04-09 17:22 79872 ----a-w- c:\windows\System32\ctasio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 15:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 17:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epcrmon]
2008-04-17 21:13 493032 ----a-w- c:\program files\epson\epcrmon\epcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 10:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2008-12-09 22:19 455112 ----a-w- c:\program files\Movielink\MovielinkManager\Movielink User.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-04 23:24 81920 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-24 23:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):0b,ad,62,ae,5d,f4,c9,01

R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EPCRMON;EPCRMON;c:\program files\epson\epcrmon\epcrsvc.exe [2008-04-17 173360]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [x]
R3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;c:\users\Dave\AppData\Local\Temp\FoxDriver.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-07-15 23096]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-02-21 23096]
R3 DrmRVideo;DrmRVideo;c:\windows\system32\DRIVERS\DrmRVideo.sys [2008-10-24 3768]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-02-21 3768]
R3 FXDRV;FXDRV;E:\Fxdrv.sys [x]
R3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 23872]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-08-08 41272]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2008-08-08 43192]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-08-08 40856]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-05-28 23096]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2010-03-19 344064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-02 721904]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\programdata\kingsoft\kws2\KSWebShield.exe [2010-04-06 202136]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-06-02 216032]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-03 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{F9151E6A-1E9C-43F0-B78D-A00286ED1D03}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://webgames.d.tmsrv.com/c=1f7b75231 ... .0.0.8.cab
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ofzurw0x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Dave\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

€ [-8] 0x00010000
€ [-8] 0x0000018A
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,d6,7b,7f,d1,1e,f1,18,d8,5b,a2,c5,ec,99,19,42,61,86,4d,01,ab,4a,40,
40,59,97,af,2a,e2,b1,f8,eb,42,47,36,51,6b,1e,44,fc,75,25,53,51,0c,0d,d6,34,\
"??"=hex:96,ed,73,73,29,95,96,f5,27,53,7c,2a,14,24,75,30

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,1a,09,04,ee,1f,2d,e4,13,82,7f,3a,ad,e7,bf,34,02,03,73,a3,ec,
6e,e9,e1,d9,54,ee,07,12,44,32,15,17,4b,32,ee,29,74,ae,26,56,08,67,cf,54,92,\
"rkeysecu"=hex:d6,f5,6f,eb,68,13,e1,76,67,79,c6,c1,da,63,7e,7d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1116)
c:\programdata\kingsoft\kws2\kwsui.dll
c:\programdata\kingsoft\kws2\kswebshield.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Movielink\MovielinkManager\MovielinkCore.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-09-06 11:13:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 15:13
ComboFix2.txt 2010-09-04 21:40

Pre-Run: 76,846,813,184 bytes free
Post-Run: 76,925,906,944 bytes free

- - End Of File - - EEAB9265155FDAB4D8DE27E298A3B154


SystemLook 04.09.10 by jpshortstuff
Log created at 11:16 on 06/09/2010 by Dave
Administrator - Elevation successful

========== regfind ==========

Searching for "kwsui.dll"
No data found.

Searching for "kswebshield.dll"
No data found.

-= EOF =-
bramwell40
Active Member
 
Posts: 9
Joined: August 31st, 2010, 9:13 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 34 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware