Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


6313.com has made itself my homepage, can't get rid of it


Re: 6313.com has made itself my homepage, can't get rid of i

Posted by askey127 » September 6th, 2010, 2:32 pm

bramwell40,
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-------------------------------------------------------------
Run a System Change with a Script
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    Folder::
    c:\programdata\kingsoft
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.

Tell me how it's running.
askey127

Posted by bramwell40 » September 6th, 2010, 5:30 pm

ComboFix 10-09-03.02 - Dave 09/06/2010 16:47:33.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1038 [GMT -4:00]
Running from: c:\users\Dave\Desktop\zzz.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\kingsoft
c:\programdata\kingsoft\kws\kswbc.dll
c:\programdata\kingsoft\kws\kswebshield.dll
c:\programdata\kingsoft\kws\KSWebShield.exe
c:\programdata\kingsoft\kws\kws.ini
c:\programdata\kingsoft\kws\kwssp.dll
c:\programdata\kingsoft\kws\KWSSVC.log
c:\programdata\kingsoft\kws\kwsui.dll
c:\programdata\kingsoft\kws\kwsuif.dat
c:\programdata\kingsoft\kws\spitesp.dat
c:\programdata\kingsoft\kws\urlcache.dat
c:\programdata\kingsoft\kws2\kswbc.dll
c:\programdata\kingsoft\kws2\kswebshield.dll
c:\programdata\kingsoft\kws2\KSWebShield.exe
c:\programdata\kingsoft\kws2\kwssp.dll
c:\programdata\kingsoft\kws2\KWSSVC.log
c:\programdata\kingsoft\kws2\kwsui.dll
c:\programdata\kingsoft\kws2\kwsuif.dat
c:\programdata\kingsoft\kws2\spitesp.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Kingsoft Antivirus WebShield Service
-------\Service_Kingsoft Antivirus WebShield Service


((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 21:07 . 2010-09-06 21:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-06 21:07 . 2010-09-06 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-06 18:06 . 2010-09-06 18:06 -------- d-----w- c:\program files\iPod
2010-09-06 18:06 . 2010-09-06 18:07 -------- d-----w- c:\program files\iTunes
2010-09-06 15:13 . 2010-09-06 21:13 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-09-06 00:33 . 2010-09-06 00:34 -------- d-----w- c:\users\Dave\AppData\Local\pcsx2
2010-09-06 00:32 . 2010-09-06 15:39 -------- d-----w- C:\pcsx2beta
2010-09-05 19:58 . 2009-02-27 13:52 -------- d-----w- C:\Pcsx2
2010-09-05 19:56 . 2010-09-05 19:56 -------- d-----w- c:\program files\7-Zip
2010-09-01 00:27 . 2010-09-01 00:27 -------- d-----w- c:\program files\Trend Micro
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- C:\game
2010-08-24 21:57 . 2010-08-31 19:38 -------- d-----w- c:\users\Dave\AppData\Roaming\vlc
2010-08-22 14:16 . 2010-08-22 14:16 -------- d-----w- c:\users\Dave\AppData\Roaming\Juniper Networks
2010-08-21 16:45 . 2010-08-21 16:45 -------- d-----w- c:\program files\QuickTime
2010-08-20 23:52 . 2010-08-20 23:52 -------- d-----w- c:\users\Dave\AppData\Local\Logitech
2010-08-19 21:54 . 2010-08-19 21:54 -------- d-----w- c:\program files\Smart Diary Suite 4
2010-08-18 00:14 . 2010-08-18 00:14 -------- d-----w- c:\users\Dave\AppData\Local\DogFighter
2010-08-10 21:23 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-10 21:23 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-10 21:23 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 21:23 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 21:23 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-10 21:23 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 21:12 . 2008-09-05 19:04 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-09-06 21:12 . 2008-09-05 19:02 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-09-06 21:11 . 2009-06-18 03:00 52592 ----a-w- c:\programdata\nvModes.dat
2010-09-06 21:10 . 2008-09-05 18:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-06 20:36 . 2008-02-23 06:50 -------- d-----w- c:\program files\Steam
2010-09-06 18:06 . 2008-04-11 22:14 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 19:27 . 2009-10-18 01:56 -------- d-----w- c:\program files\RealArcade
2010-09-04 12:26 . 2008-02-22 22:27 1356 ----a-w- c:\users\Dave\AppData\Local\d3d9caps.dat
2010-09-03 21:47 . 2008-02-25 02:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-03 21:29 . 2008-03-05 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 21:26 . 2008-03-05 23:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Java
2010-09-03 21:20 . 2008-03-23 13:34 -------- d-----w- c:\program files\Common Files\Java
2010-09-03 20:55 . 2008-04-19 21:32 -------- d-----w- c:\program files\BitLord
2010-08-31 19:42 . 2008-07-29 23:16 -------- d-----w- c:\users\Dave\AppData\Roaming\dvdcss
2010-08-30 21:32 . 2009-06-12 02:28 -------- d-----w- c:\users\Dave\AppData\Roaming\GARMIN
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-20 23:41 . 2008-06-11 18:37 -------- d-----w- c:\program files\Logitech
2010-08-15 02:03 . 2009-06-05 12:29 -------- d-----w- c:\programdata\Ubisoft
2010-08-10 23:25 . 2009-08-29 20:04 -------- d-----w- c:\program files\Movie Maker 2.6
2010-08-10 23:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 01:12 . 2008-07-03 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 21:04 . 2010-08-06 21:04 -------- d-----w- c:\program files\Machinarium
2010-07-31 00:52 . 2008-02-22 22:27 141224 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-31 00:48 . 2008-12-30 19:41 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-29 18:01 . 2010-07-29 18:01 -------- d-----w- c:\program files\Auction Sentry Deluxe
2010-07-27 15:59 . 2010-07-27 15:59 -------- d-----w- c:\program files\AC3Filter
2010-07-20 00:34 . 2008-02-23 22:37 -------- d-----w- c:\program files\DivX
2010-07-19 01:49 . 2010-07-19 01:49 -------- d-----w- c:\program files\Smart Projects
2010-07-18 21:13 . 2010-04-20 23:37 -------- d-----w- c:\programdata\DivX
2010-07-17 09:00 . 2010-04-17 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 04:12 . 2008-02-23 22:58 -------- d-----w- c:\users\Dave\AppData\Roaming\DivX
2010-06-28 20:57 . 2010-07-02 21:55 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-23 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-23 00:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 01:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-23 00:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-23 00:52 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-04-06 01:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-10 21:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 21:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-10 21:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-10 21:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-10 21:24 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 21:24 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-10 21:24 274944 ----a-w- c:\windows\system32\schannel.dll
2008-02-23 20:00 . 2008-02-23 20:00 905 ----a-w- c:\program files\uninstal.log
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-13 57344]
"AsioReg"="CTASIO.DLL" [2007-04-09 79872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2007-04-09 17:22 79872 ----a-w- c:\windows\System32\ctasio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 15:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 17:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epcrmon]
2008-04-17 21:13 493032 ----a-w- c:\program files\epson\epcrmon\epcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 10:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2008-12-09 22:19 455112 ----a-w- c:\program files\Movielink\MovielinkManager\Movielink User.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-04 23:24 81920 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-24 23:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):0b,ad,62,ae,5d,f4,c9,01

R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EPCRMON;EPCRMON;c:\program files\epson\epcrmon\epcrsvc.exe [2008-04-17 173360]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [x]
R3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;c:\users\Dave\AppData\Local\Temp\FoxDriver.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-07-15 23096]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-02-21 23096]
R3 DrmRVideo;DrmRVideo;c:\windows\system32\DRIVERS\DrmRVideo.sys [2008-10-24 3768]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-02-21 3768]
R3 FXDRV;FXDRV;E:\Fxdrv.sys [x]
R3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [2005-12-20 23872]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-08-08 41272]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2008-08-08 43192]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-08-08 40856]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-05-28 23096]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-24 50704]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2010-03-19 344064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-02 721904]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-06-02 216032]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-03-04 31848]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-03 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{F9151E6A-1E9C-43F0-B78D-A00286ED1D03}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://webgames.d.tmsrv.com/c=1f7b75231 ... .0.0.8.cab
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ofzurw0x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Dave\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 17:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,d6,7b,7f,d1,1e,f1,18,d8,5b,a2,c5,ec,99,19,42,61,86,4d,01,ab,4a,40,
40,59,97,af,2a,e2,b1,f8,eb,42,47,36,51,6b,1e,44,fc,75,25,53,51,0c,0d,d6,34,\
"??"=hex:96,ed,73,73,29,95,96,f5,27,53,7c,2a,14,24,75,30

[HKEY_USERS\S-1-5-21-2664678790-3476728361-2632436362-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,1a,09,04,ee,1f,2d,e4,13,82,7f,3a,ad,e7,bf,34,02,03,73,a3,ec,
6e,e9,e1,d9,54,ee,07,12,44,32,15,17,4b,32,ee,29,74,ae,26,56,08,67,cf,54,92,\
"rkeysecu"=hex:d6,f5,6f,eb,68,13,e1,76,67,79,c6,c1,da,63,7e,7d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5952)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Movielink\MovielinkManager\MovielinkCore.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-09-06 17:26:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 21:26
ComboFix2.txt 2010-09-06 15:13
ComboFix3.txt 2010-09-04 21:40

Pre-Run: 76,884,123,648 bytes free
Post-Run: 76,452,327,424 bytes free

- - End Of File - - B48A76BD6C88B7EF3EFB81ABEC3B86BC


Thank you so very much for all of your time and help. I have my homepage back. I no longer get the 6313.com hijack.

Thanks,

Dave

Posted by askey127 » September 6th, 2010, 7:07 pm

bramwell40,

Looks like some of the problem involved a vulnerable set of files from Kingsoft Websmart. Left your machine open to hackers.
Not so "Websmart" after all.

Good luck,
askey127

Posted by NonSuch » September 10th, 2010, 1:26 am

As this issue appears to be resolved, this topic is now closed.
