IE RESTRICTED SITES - unblocked by malware on SpyBlaster
1 Red Sheriff (2) - Address = Imrworldwide.com cookies
(SNRG or) ShopNav Variant - Dyfuca / Internet Optimizer Variant
Transponder Variant - Vundo.B - ConHook - Win32.Agent.58368
InternetOptimizer / Nem Variant TX4 Adware (11-17 variants)
MyTotalSearch - BaiduBar Variant
Commission Junction (4)
(CCleaner - registry scan shows left behind unused file extensions
.58368, .B, .itms, .itpc, .pcast
invalid or empty file class - HKR\AcroExch.Document)
-----------------------------------------------------------------------------------------------
Suspicious Entries - (From Rooter.exe scan - when scanning "suspicious files"
the program stops. No log, just this from the screen.)
1 - Windows tasks: file - SCHEDLGU.TXT
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 02/06/2009 00:35:38 (Various entries then) Exited at 03/06/2009 03:40:15
a - Double-clicking on file "Norton Security Scan for Edith.job" - adds it to a 7-zip file
Even though I uninstalled 7-zip for another compression utility weeks ago.
b - Same for "Norton Internet Security - Edith - Full System Scan.job"
c - Same for "Google Software Updater.job"
d - Same for "Google Software Updater.job"
e - Same for "User_Feed_Synchronization-{5D52DB00-175B-4910-A956-
refers to Windows side bar.
f - file SA.DAT appears to be nearly empty. Just " " characters.
2 - Pictures, videos etc placed in Public Folder also a zipped file of my favorites
though I purposely kept this folder empty for security. Also turned off any sharing.
After deleting the folders - that's when I found the above unused file extensions
in CCleaner.
3 - Previous problem with about:blank, googleupdate (had to reinstall)
4 - Numerous Crashes - antivirus shows nothing.
5 - Old versions of Java found when I had deleted them.
6 - My D: Recovery Drive has about 3GB of data deleted
_____________________________________________________________________________________
MBAM log (22/06/2009 11:02:05 - No malicious items or infections detected)
Previous - Registry Data Items Infected: 1
12/6/2009 - HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\
Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)
-> Quarantined and deleted successfully.
20/06/2009 - Reinfected as above deleted.