system
29
Open notepad and copy/paste the text present inside the code box below:
File::
c:\progra~2\mcafee\SITEAD~1\McSACore.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.5\ccSvcHst.exe
Driver::
McAfee SiteAdvisor Service
Skype C2C Service
NCO
DDS::
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
Firefox::
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cx06n1gp.default\
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )