Computer Juice > Computer Software > Virus, Spyware & Security
Firefox Infected!
  #11  
Old 1st Nov 2009, 12:17
Full Member
Posts: 34
 
ComboFix 09-10-30.01 - Bloomy 11/01/2009 13:41.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.514 [GMT -5:00]
Running from: c:\documents and settings\Bloomy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bloomy\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 16:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 16:32 . 2009-11-01 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 16:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 22:53 . 2009-10-31 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-31 22:52 . 2009-10-31 22:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-31 22:52 . 2009-10-31 22:52 -------- d-----w- c:\documents and settings\Bloomy\Application Data\SUPERAntiSpyware.com
2009-10-31 22:12 . 2009-10-31 22:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 23:21 . 2009-10-13 23:21 -------- d-----w- c:\documents and settings\Bloomy\Local Settings\Application Data\AIM
2009-10-05 23:24 . 2009-10-05 23:27 -------- d-----w- c:\documents and settings\Bloomy\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 18:56 . 2008-11-27 02:03 8429600 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-01 18:56 . 2008-11-27 02:03 67984 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-01 18:56 . 2008-11-27 02:03 6272 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-01 18:56 . 2008-11-27 02:03 1212448 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-01 18:25 . 2009-05-01 22:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-01 18:24 . 2009-11-01 18:24 0 ----a-w- c:\windows\system32\REN40.tmp
2009-11-01 18:24 . 2009-11-01 18:24 0 ----a-w- c:\windows\system32\REN3F.tmp
2009-11-01 18:24 . 2009-11-01 18:24 0 ----a-w- c:\windows\system32\REN3E.tmp
2009-11-01 18:19 . 2003-12-29 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-01 18:17 . 2009-05-01 21:12 -------- d-----w- c:\program files\Panda Security
2009-11-01 18:16 . 2003-12-29 12:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 18:16 . 2006-02-14 20:30 -------- d-----w- c:\program files\Logitech
2009-11-01 16:23 . 2008-11-27 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-31 22:09 . 2006-02-06 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-31 21:42 . 2006-02-06 18:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 00:11 . 2009-07-13 02:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-14 19:47 . 2008-11-27 02:05 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-14 19:47 . 2008-11-27 02:05 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-07 22:52 . 2004-08-31 01:19 -------- d-----w- c:\program files\Dell AIO Printer A920
2009-09-30 00:57 . 2009-09-30 00:57 -------- d-----w- c:\documents and settings\Bloomy\Application Data\avidemux
2009-09-11 14:18 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-02-18 20:19 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2002-08-29 11:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-19 03:34 . 2004-01-03 21:41 112568 ----a-w- c:\documents and settings\Bloomy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2004-09-01 18:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-01 18:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-01 18:28 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2002-08-29 11:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-29 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-01 18:28 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-05-19 17:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2008-05-19 17:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2002-08-29 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 06:14 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 1980-01-01 06:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 06:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2006-02-06 01:52 . 2006-01-30 16:45 12 ----a-w- c:\program files\MOBILE.INI
2004-01-04 18:41 . 2004-01-04 18:41 3130328 ----a-w- c:\program files\Install_AIM.exe
2002-04-23 12:39 . 2005-08-02 18:51 10431072 ----a-w- c:\program files\mp71.exe
2002-04-23 12:35 . 2005-08-02 18:51 35842 ----a-w- c:\program files\microsoft.comwindowswindowsmediadownload.html
2002-04-23 12:35 . 2005-08-02 18:51 6552 ----a-w- c:\program files\GoldWave 4.26-sound editor player recorder converterFULL.html
2002-04-23 11:30 . 2005-08-02 18:51 644622 ----a-w- c:\program files\lamewin32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-03-16 13:53 87512 ----a-w- c:\program files\oovootb\dtx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\dtx.dll" [2009-03-16 87512]
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-08-27 634648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\program files\Samsung\Samsung CLP-310 Series\Install\Application\SPANEL\PanelMgr\SSMMgr.exe" [2008-05-08 524288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech1\SetPoint\SetPoint.exe [2007-4-30 593920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=c:\windows\pss\SmartUI.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Bloomy^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Bloomy\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISPwdSvc"=3 (0x3)
"iPodService"=3 (0x3)
"comHost"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RichVideo"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"PD91Engine"=3 (0x3)
"PD91Agent"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AGWinService"=2 (0x2)
"LexBceS"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135956007\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135956007\\ee\\aim6.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire3\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/20 20:57];f:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl [3/30/2009 4:53 PM 87536]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [4/30/2007 3:31 PM 3712]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/9/2008 1:49 PM 693512]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\SYSTEM32\DRIVERS\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [4/30/2008 6:06 PM 24592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [1/3/2004 5:41 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [1/3/2004 5:41 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [1/3/2004 5:41 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [1/3/2004 5:41 PM 10368]
S3 Fapieied;Fapieied; [x]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/9/2008 1:49 PM 906504]
S3 PLUsbbc2;USB 2.0 Networking/Data Transfer Cable;c:\windows\SYSTEM32\DRIVERS\usbbc2.sys [7/26/2007 3:55 PM 8960]
S3 Winacusb;Winacusb;c:\windows\system32\DRIVERS\winacusb.sys --> c:\windows\system32\DRIVERS\winacusb.sys [?]
S4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/26/2008 10:59 PM 10240]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
mSearchURL = hxxp://ie.search.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://bloomyisia.myphotoalbum.com/EasyUploadTool.cab
FF - ProfilePath - c:\documents and settings\Bloomy\Application Data\Mozilla\Firefox\Profiles\mxm2pcme.default\
FF - prefs.js: browser.search.selectedEngine - Thesaurus - Reference.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-123VideoMagic - f:\progra~1\123VID~1\UNWISE.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
AddRemove-Verizon Online Support Center - c:\progra~1\VERIZO~1\SUPPOR~1\Uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 13:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\f:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\WININET.dll
c:\program files\Logitech1\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
c:\windows\system32\MSVCP71.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-01 14:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 19:13
Pre-Run: 3,035,111,424 bytes free
Post-Run: 3,111,460,864 bytes free
- - End Of File - - 9915A023231B5278B30DA9E09AA699A6

  #12  
Old 1st Nov 2009, 12:36
Moderator
Posts: 7,557
 
Go to Start > Run, and copy/paste the following into the Open box (one line at a time), then click OK after each.

Code:
sc config Fapieied start= disabled
sc stop Fapieied
sc delete Fapieied
----------

How is the computer now?
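The Fapieied service the moderator removes above was spotted by reading the ComboFix log in post #11 by hand: it is the S3 entry with an empty image path marked [x]. The script below is an added example, not code from this thread or from ComboFix, that pulls the same kind of indicators out of a constructed excerpt of that log: services with no image file, the Security Center AntiVirusOverride/FirewallOverride and DisableMonitoring values, the EnableFirewall=0 setting of the standard profile, and the globally open inbound ports. The key names and value formats are copied from the log as posted; the reading given to [x], to [?], and to the port-rule fields is this example's assumption about ComboFix output, not documented behaviour.

```python
import re

# Constructed excerpt modelled on the ComboFix log in post #11: a handful of the
# original lines in their original formats, not the complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [1/29/2008 6:29 PM 33808]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Fapieied;Fapieied; [x]
S4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/26/2008 10:59 PM 10240]
"""

# Service lines look like "<state> <name>;<display name>;<image path> [<timestamp size>]".
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")


def parse_services(log_text):
    """Return one dict per R*/S* service or driver line in the log."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, display, rest = m.groups()
        rest = rest.strip()
        # Assumption: "[x]" after an empty image path means no file is registered for
        # the service (the Fapieied case); "[?]" means ComboFix could not verify the file.
        services.append({"state": state, "name": name, "display": display, "image": rest,
                         "missing": rest.endswith("[x]"), "unverified": rest.endswith("[?]")})
    return services


def parse_reg_values(log_text):
    """Return {key (lower-cased): {value name: raw value}} for the REGEDIT4-style blocks."""
    values, current = {}, None
    for line in log_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            values.setdefault(current, {})
        elif current and line.startswith('"') and '"=' in line:
            name, _, raw = line[1:].partition('"=')
            values[current][name] = raw.strip()
    return values


def parse_port_rule(raw):
    """Split 'port:proto[:scope:Enabled|Disabled:name]' as printed in the log.
    Assumption: a rule with no explicit Disabled field is in force, and a rule with
    no scope field applies to any remote address ("*")."""
    fields = raw.split(":")
    enabled = not (len(fields) >= 4 and fields[3].lower() == "disabled")
    scope = fields[2] if len(fields) >= 5 else "*"
    return {"port": fields[0], "proto": fields[1], "scope": scope, "enabled": enabled}


def audit(log_text):
    """Return (kind, item, note) findings a reviewer would want to look at first."""
    findings = []
    for svc in parse_services(log_text):
        if svc["missing"]:
            findings.append(("service-no-image", svc["name"],
                             f"{svc['state']} service registered with no image file"))
    for key, vals in parse_reg_values(log_text).items():
        if key.endswith(r"\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if vals.get(name, "").endswith("00000001"):
                    findings.append(("securitycenter-override", name,
                                     "Security Center alerting for this component is suppressed"))
        elif r"\security center\monitoring" in key:
            if vals.get("DisableMonitoring", "").endswith("00000001"):
                findings.append(("monitoring-disabled", key.rsplit("\\", 1)[-1],
                                 "Security Center monitoring turned off"))
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            if vals.get("EnableFirewall", "").startswith("0"):
                findings.append(("firewall-disabled", "EnableFirewall",
                                 "Windows Firewall standard profile is off"))
        elif key.endswith(r"\globallyopenports\list"):
            for name, raw in vals.items():
                rule = parse_port_rule(raw)
                if rule["enabled"]:
                    findings.append(("open-port", name,
                                     f"inbound {rule['proto']} {rule['port']} open to {rule['scope']}"))
    return findings


if __name__ == "__main__":
    for kind, item, note in audit(SAMPLE_LOG):
        print(f"{kind:24} {item:22} {note}")
```

Run as-is it reports Fapieied (and not SSPORT, whose path is present but unverified), both Security Center overrides, both DisableMonitoring keys, the disabled firewall profile, and the 3389 and 26675 rules, while the ooVoo 443 rule is skipped because it is marked Disabled. In this thread the override values are most likely Kaspersky registering itself with Security Center, which is why a finding is a prompt to check, not a verdict.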

  #13  
Old 1st Nov 2009, 12:44
Full Member
Posts: 34
 
It seems to be better. I'm gonna start using Firefox now and see if I get any problems like before, but I doubt I will.

thanks a lot :))))
  #14  
Old 1st Nov 2009, 12:49
Moderator
Posts: 7,557
 
Sounds good. We still need to clean up.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

  #15  
Old 6th Nov 2009, 16:24
Full Member
Posts: 34
 
I actually cannot believe this. Everything was clean. I did another google search of something totally different and got the same thing. This is really just not normal.
  #16  
Old 6th Nov 2009, 16:25
Full Member
Posts: 1,435
 
Did you follow EF's last instruction there?

Viruses have a nasty tendency to come back if you don't 100% get rid
  #17  
Old 6th Nov 2009, 16:28
Full Member
Posts: 34
 
Yes, I did everything...

It's like I'm clicking on a legitimate website and then some bullshit pops up about how my system is infected. Firefox didn't shut down yet though... so idk
  #18  
Old 6th Nov 2009, 16:29
Full Member
Posts: 1,435
 
That's Adware. The SECOND that appears, close it. Use the Alt-F4 shortcut to make sure you don't get any nasties and PM EF to see what he can do for you.
  #19  
Old 6th Nov 2009, 16:31
Full Member
Posts: 34
 
I closed the tab instantly, I'll totally close firefox now
  #20  
Old 6th Nov 2009, 18:14
Moderator
Posts: 7,557
 
Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Download Lop S&D by Eric_71 and save it to your desktop. Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click LopSD.exe - If you are using Windows Vista or Windows 7, right-click on the LopSD icon and select Run as administrator to perform this scan.

* Choose the language by typing the corresponding letter and press Enter
* Click OK at the informative window
* Type 1, to choose Option 1 (Search) then press Enter
* Wait until the end of the scan
* A report will be generated, post the contents of it in your next reply.

A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

Copyright ©2006 - 2010 Computer Juice.