Attached Files
-
Attach.txt 5.7KB
581 downloads
Edited by tokio, 19 October 2009 - 08:09 AM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Closed] redirection and issues with firefox
Started by
tokio
, Oct 19 2009 04:51 AM
-
This topic is locked
35 replies to this topic
#1
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 19 October 2009 - 04:51 AM
Register to Remove
#2
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 26 October 2009 - 11:17 AM
Hi tokio,
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
Download TFC to your desktop
Then
Please download Malwarebytes' Anti-Malware to your desktop.
Also please describe how your computer behaves at the moment.
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English or the appropriate language...and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
- Copy and paste the contents of the JavaRa log, in your next reply.
Download TFC to your desktop
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish it's job
- Once its finished it should automatically reboot your machine,
- if it doesn't, manually reboot to ensure a complete clean
Then
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Also please describe how your computer behaves at the moment.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#3
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 31 October 2009 - 06:46 PM
Hey,
okay so i tried using javara and the pop up for the logfile would not open or appear. i went looking for it and i see it nowhere.
so i am unsure if you want me to continue on with the tfc clean, i also already have malwarebytes and i can do a quick scan again but it and along with avast has yet to even find any issues. Both are up to date.
i actually got rid of some old files and alot of my temp files so my computer isn't as slow anymore. but once and a while if im on the site allkpop it sometimes redirects me. its hard to describe as i find it works good on some days and others not so much.
thanks for the help
Edited by tokio, 31 October 2009 - 06:47 PM.
#4
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 01 November 2009 - 11:40 PM
tokio,
Run TFC then provide me new DDS logs.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#5
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 05 November 2009 - 09:30 PM
I tried running the TFC but it just kept freezing on me. so i had to reboot it manually. I tried it twice and i figured it would do it again if i did it for a third time. So since TFC didn't work would you like for me to post new DDS lists?
thanks!
Edited by tokio, 05 November 2009 - 09:31 PM.
#6
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 05 November 2009 - 11:23 PM
tokio,
Yes. Please give it a try.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#7
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 08 November 2009 - 08:31 PM
here are my dds logs, i tried tfc again and still kept on freezing.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Marinin at 21:25:48.21 on 08/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.208 [GMT -5:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Users\Marinin\Desktop\important carp**\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\marinin\appdata\roaming\mozilla\firefox\profiles\5xlkbqzp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-22 53328]
=============== Created Last 30 ================
2009-11-04 12:01 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-10-28 01:12 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-28 01:12 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-22 19:31 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-20 22:35 1,601,536 a------- c:\windows\system32\stlang.dll
2009-10-20 22:35 102,400 a------- c:\windows\system32\stacsv.exe
2009-10-20 22:35 4,947,968 a------- c:\windows\system32\stacgui.cpl
2009-10-20 22:31 595,456 a------- c:\windows\system32\stapo.dll
2009-10-20 22:31 330,240 a------- c:\windows\system32\drivers\stwrt.sys
2009-10-20 22:31 328,704 a------- c:\windows\system32\stcplx.dll
2009-10-20 22:31 299,520 a------- c:\windows\system32\stapi32.dll
2009-10-20 22:31 146,944 a------- c:\windows\system32\st325614.dll
2009-10-20 22:31 45,568 a------- c:\windows\system32\ctppld.dll
2009-10-20 22:31 <DIR> --d----- c:\program files\SigmaTel
2009-10-14 00:32 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-14 00:32 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 00:32 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 00:20 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 23:14 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-10-11 20:03 <DIR> --d----- c:\users\marinin\Office Genuine Advantage
2009-10-10 18:20 <DIR> --d----- c:\users\marinin\appdata\roaming\Malwarebytes
2009-10-10 18:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 18:20 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-10 18:20 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-10 18:20 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-10 18:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2009-11-02 20:42 195,456 -------- c:\windows\system32\MpSigStub.exe
2009-10-20 22:35 51,200 a------- c:\windows\inf\infpub.dat
2009-10-20 22:35 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-20 22:34 143,360 a------- c:\windows\inf\infstor.dat
2009-09-14 04:29 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-09-04 06:41 60,928 a------- c:\windows\system32\msasn1.dll
2009-09-02 16:35 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 21:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 21:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 21:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 21:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 19:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 19:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 00:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 00:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 00:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 22:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 10:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 08:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 08:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 08:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 08:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 08:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 08:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 08:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 08:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-05-31 15:57 0 a------- c:\users\marinin\appdata\roaming\wklnhst.dat
2008-12-05 12:56 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-05 12:56 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-04 06:37 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 21:28:17.44 ===============
Attached Files
-
Attach.txt 6.02KB
482 downloads
Edited by tokio, 08 November 2009 - 08:32 PM.
#8
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 08 November 2009 - 09:48 PM
tokio,
Please go to add or remove programs in your control panel. Uninstall each of the following:
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Your Java is out of date.
Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.
Please go to Kaspersky website and perform an online antivirus scan.
Please go to add or remove programs in your control panel. Uninstall each of the following:
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Your Java is out of date.
Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#9
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 08 November 2009 - 10:51 PM
brb. got it to work. brb with results. sorry about the bump.
though i wasn't prompted to dl anything after updating. so unsure about that issue.
Edited by tokio, 08 November 2009 - 10:55 PM.
#10
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 08 November 2009 - 11:50 PM
tokio,
Let's see what Kaspersky has to say.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
Register to Remove
#11
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 09 November 2009 - 01:02 AM
hey the results of my scan was one infection found in temp files. im sorry couldnt copy or post. one, it didn't give me a log file, so i viewed results and read infected temp file and so i tried to copy that but couldnt and now i cant even get on to kaspersky site as it wont load. I'll try to reload and post if i can. sorry.
#12
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 09 November 2009 - 12:46 PM
tokio,
If it's a temp file, it should have been removed when you ran TFC earlier. Seeing as how it still exists, we need to know more about it. I'm sorry but you may have to run Kaspersy again in order to get the information.
If you can't get Kaspersky to run again, try this other online scanner:
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
If it's a temp file, it should have been removed when you ran TFC earlier. Seeing as how it still exists, we need to know more about it. I'm sorry but you may have to run Kaspersy again in order to get the information.
If you can't get Kaspersky to run again, try this other online scanner:
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#13
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 09 November 2009 - 03:46 PM
I got it to work again, hope this helps. as well the reason why tfc didnt get rid of it is because everytime ive tried to get the program to work it comes up as zero items removed from temp files and it freezes on me. So im unsure why but ive tried couple times today with the same result. not sure what i could do to get it to work. thanks again.
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 9, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 09, 2009 10:30:17
Records in database: 3180654
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 149735
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:08:37
File name / Threat / Threats count
C:\Users\Marinin\AppData\Local\Temp\plugtmp-53\plugin-pdf_4.php Infected: Exploit.Win32.Pidief.akn 1
Selected area has been scanned.
#14
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 09 November 2009 - 04:18 PM
tokio,
Let's try a little different tack here.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Let's try a little different tack here.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#15
tokio
-
- Authentic Member
-
- 17 posts
New Member
Posted 09 November 2009 - 06:08 PM
here is the log file for combofix
ComboFix 09-11-08.03 - Marinin 09/11/2009 18:42.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.344 [GMT -5:00]
Running from: c:\users\Marinin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1296867833-1063234781-1491833618-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-09 23:58 . 2009-11-09 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-28 06:12 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 06:12 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 00:32 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-23 00:32 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-23 00:32 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-23 00:32 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-23 00:32 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-23 00:31 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-23 00:31 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-23 00:31 . 2009-10-23 00:31 -------- d-----w- c:\program files\Alwil Software
2009-10-21 03:35 . 2007-09-13 18:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-10-21 03:35 . 2007-04-10 21:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-10-21 03:31 . 2007-09-13 18:46 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-10-21 03:31 . 2007-09-13 18:45 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-10-21 03:31 . 2007-09-13 18:45 595456 ----a-w- c:\windows\system32\stapo.dll
2009-10-21 03:31 . 2007-09-13 18:45 146944 ----a-w- c:\windows\system32\st325614.dll
2009-10-21 03:31 . 2007-09-13 18:44 299520 ----a-w- c:\windows\system32\stapi32.dll
2009-10-21 03:31 . 2007-03-05 17:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-10-21 03:31 . 2009-10-21 03:31 -------- d-----w- c:\program files\SigmaTel
2009-10-21 03:24 . 2009-10-21 03:24 -------- d-----w- c:\users\Marinin\AppData\Local\Apps
2009-10-21 03:24 . 2009-10-21 03:29 -------- d-----w- c:\users\Marinin\AppData\Local\Deployment
2009-10-19 10:27 . 2009-10-19 10:27 4096 d-----w- c:\program files\ERUNT
2009-10-14 05:32 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 05:32 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 05:32 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 05:20 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 04:14 . 2009-10-14 04:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-12 01:03 . 2009-10-12 01:03 -------- d-----w- c:\users\Marinin\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 04:04 . 2007-05-21 22:14 4096 d-----w- c:\program files\Java
2009-11-03 01:42 . 2009-10-02 16:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\users\Marinin\AppData\Roaming\BSplayer
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\program files\Webteh
2009-10-14 07:44 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-14 07:13 . 2007-05-21 22:30 24576 d-----w- c:\program files\Microsoft Works
2009-10-12 00:45 . 2007-05-21 22:26 4096 d-----w- c:\programdata\McAfee
2009-10-12 00:01 . 2008-07-18 19:44 680 ----a-w- c:\users\Marinin\AppData\Local\d3d9caps.dat
2009-10-11 13:13 . 2007-06-02 12:07 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\users\Marinin\AppData\Roaming\Malwarebytes
2009-10-10 23:20 . 2009-10-10 23:20 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\programdata\Malwarebytes
2009-10-04 00:14 . 2009-10-01 03:48 -------- d-----w- c:\program files\EA GAMES
2009-09-27 01:39 . 2007-06-01 04:25 4096 d-----w- c:\program files\Winamp
2009-09-27 01:37 . 2007-06-01 04:25 4096 d-----w- c:\users\Marinin\AppData\Roaming\Winamp
2009-09-14 09:29 . 2009-10-14 05:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:54 . 2009-10-10 23:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-10 23:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 11:41 . 2009-10-14 05:31 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 21:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-29 00:27 . 2009-09-03 02:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 02:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 05:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 05:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 05:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 05:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 00:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 00:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 00:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 00:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 00:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 00:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 00:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 00:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 00:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-08-06 12:56 . 2008-08-06 12:56 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-05-22 05:52 . 2007-05-22 05:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 520192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-5-21 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(
:63,5e,ec,61,17,2c,ca,01
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22/10/2009 7:32 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/10/2009 7:32 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/10/2009 7:31 PM 53328]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [18/10/2007 2:36 PM 5120]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 12:10 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/05/2007 5:29 PM 29744]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{EC955D27-72D3-4D53-8E88-14C618900E31}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 19:00
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-10 19:06
ComboFix-quarantined-files.txt 2009-11-10 00:06
Pre-Run: 40,344,080,384 bytes free
Post-Run: 44,131,917,824 bytes free
- - End Of File - - 42CA7457B91C5BEAAC614849C2A960F3
ComboFix 09-11-08.03 - Marinin 09/11/2009 18:42.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.344 [GMT -5:00]
Running from: c:\users\Marinin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1296867833-1063234781-1491833618-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-09 23:58 . 2009-11-09 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-28 06:12 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 06:12 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 00:32 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-23 00:32 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-23 00:32 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-23 00:32 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-23 00:32 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-23 00:31 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-23 00:31 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-23 00:31 . 2009-10-23 00:31 -------- d-----w- c:\program files\Alwil Software
2009-10-21 03:35 . 2007-09-13 18:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-10-21 03:35 . 2007-04-10 21:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-10-21 03:31 . 2007-09-13 18:46 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-10-21 03:31 . 2007-09-13 18:45 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-10-21 03:31 . 2007-09-13 18:45 595456 ----a-w- c:\windows\system32\stapo.dll
2009-10-21 03:31 . 2007-09-13 18:45 146944 ----a-w- c:\windows\system32\st325614.dll
2009-10-21 03:31 . 2007-09-13 18:44 299520 ----a-w- c:\windows\system32\stapi32.dll
2009-10-21 03:31 . 2007-03-05 17:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-10-21 03:31 . 2009-10-21 03:31 -------- d-----w- c:\program files\SigmaTel
2009-10-21 03:24 . 2009-10-21 03:24 -------- d-----w- c:\users\Marinin\AppData\Local\Apps
2009-10-21 03:24 . 2009-10-21 03:29 -------- d-----w- c:\users\Marinin\AppData\Local\Deployment
2009-10-19 10:27 . 2009-10-19 10:27 4096 d-----w- c:\program files\ERUNT
2009-10-14 05:32 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 05:32 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 05:32 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 05:20 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 04:14 . 2009-10-14 04:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-12 01:03 . 2009-10-12 01:03 -------- d-----w- c:\users\Marinin\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 04:04 . 2007-05-21 22:14 4096 d-----w- c:\program files\Java
2009-11-03 01:42 . 2009-10-02 16:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\users\Marinin\AppData\Roaming\BSplayer
2009-10-21 11:37 . 2007-06-04 16:44 -------- d-----w- c:\program files\Webteh
2009-10-14 07:44 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-14 07:13 . 2007-05-21 22:30 24576 d-----w- c:\program files\Microsoft Works
2009-10-12 00:45 . 2007-05-21 22:26 4096 d-----w- c:\programdata\McAfee
2009-10-12 00:01 . 2008-07-18 19:44 680 ----a-w- c:\users\Marinin\AppData\Local\d3d9caps.dat
2009-10-11 13:13 . 2007-06-02 12:07 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\users\Marinin\AppData\Roaming\Malwarebytes
2009-10-10 23:20 . 2009-10-10 23:20 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 23:20 . 2009-10-10 23:20 -------- d-----w- c:\programdata\Malwarebytes
2009-10-04 00:14 . 2009-10-01 03:48 -------- d-----w- c:\program files\EA GAMES
2009-09-27 01:39 . 2007-06-01 04:25 4096 d-----w- c:\program files\Winamp
2009-09-27 01:37 . 2007-06-01 04:25 4096 d-----w- c:\users\Marinin\AppData\Roaming\Winamp
2009-09-14 09:29 . 2009-10-14 05:31 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:54 . 2009-10-10 23:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-10 23:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 11:41 . 2009-10-14 05:31 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 21:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-29 00:27 . 2009-09-03 02:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 02:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 05:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 05:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 05:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 05:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 00:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 00:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 00:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 00:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 00:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 00:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 00:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 00:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 00:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 00:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-08-06 12:56 . 2008-08-06 12:56 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-05-22 05:52 . 2007-05-22 05:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 520192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-5-21 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(
:63,5e,ec,61,17,2c,ca,01R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22/10/2009 7:32 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/10/2009 7:32 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/10/2009 7:31 PM 53328]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [18/10/2007 2:36 PM 5120]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 12:10 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/05/2007 5:29 PM 29744]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{EC955D27-72D3-4D53-8E88-14C618900E31}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070522
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Marinin\AppData\Roaming\Mozilla\Firefox\Profiles\5xlkbqzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 19:00
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-10 19:06
ComboFix-quarantined-files.txt 2009-11-10 00:06
Pre-Run: 40,344,080,384 bytes free
Post-Run: 44,131,917,824 bytes free
- - End Of File - - 42CA7457B91C5BEAAC614849C2A960F3
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
