Computer Juice > Computer Software > Virus, Spyware & Security
Search Result Program Popup Randomly
  #11  
Old 8th May 2009, 12:19
Malware Group
 
Not a problem, just carry on with the rest of the fix...
__________________
Proud member of ASAP & UNITE
__________________
  #12  
Old 8th May 2009, 12:51
Member Group
 
I did the scan and it found nothing.
  #13  
Old 8th May 2009, 12:57
Malware Group
 
Howdy...

Did you check Firefox for the file I requested before the MBAM scan?
  #14  
Old 8th May 2009, 13:05
Member Group
 
Yeah, there was no such file.
  #15  
Old 8th May 2009, 13:22
Malware Group
 
Hi there

One thing I do notice is this program in Add/Remove Programs: Advertising Center. It is not something I am familiar with. Have you installed this program yourself? If not, then I would advise that you remove it via Add/Remove Programs.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

Quote:
File::
C:\Documents and Settings\New Folder\Ownerold\Local Settings\Temporary Internet Files\Content.IE5\4CHQNCAG\newmajorse2[1].cab
c:\ac tool\php528kBfbnhide\MngHide\release\bnhide.sys

Driver::
bnhide

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""
Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Update me on how things are running.
  #16  
Old 8th May 2009, 14:00
Member Group
 
I opened Add/Remove Programs and there was no such thing as Advertising Center.
  #17  
Old 8th May 2009, 14:05
Malware Group
 
No problem there. Please carry on with the rest of the fix and post back with the ComboFix log, and update me on how things are.
  #18  
Old 8th May 2009, 14:26
Member Group
 
ComboFix 09-05-08.03 - MansourF 05/08/2009 14:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.191 [GMT -7:00]
Running from: c:\documents and settings\MansourF\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MansourF\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point
FILE ::
c:\ac tool\php528kBfbnhide\MngHide\release\bnhide.sys
c:\documents and settings\New Folder\Ownerold\Local Settings\Temporary Internet Files\Content.IE5\4CHQNCAG\newmajorse2[1].cab
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MansourF\LOCALS~1\Temp\cmd.execf
c:\documents and settings\MansourF\Local Settings\Temp\cmd.execf
c:\documents and settings\New Folder\Ownerold\Local Settings\Temporary Internet Files\Content.IE5\4CHQNCAG\newmajorse2[1].cab
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BNHIDE
-------\Service_bnhide

((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-07 05:50 . 2009-05-07 05:50 -------- d-----w c:\program files\Cedelia
2009-05-06 06:28 . 2009-05-06 06:32 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-06 06:28 . 2009-05-06 06:33 -------- d-----w c:\program files\DivX
2009-05-04 06:35 . 2009-05-06 01:05 -------- d-----w c:\program files\Taskbar Hide
2009-04-30 22:13 . 2009-04-30 22:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-30 04:03 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-30 04:02 . 2009-04-30 04:02 -------- d-----w c:\program files\Alwil Software
2009-04-29 21:06 . 2009-04-29 21:06 -------- d-----w c:\documents and settings\MansourF\Application Data\Sunbelt
2009-04-29 21:05 . 2009-04-29 21:05 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Sunbelt
2009-04-29 21:01 . 2009-04-29 21:01 -------- d-----w c:\documents and settings\MansourF\Application Data\QuickScan
2009-04-29 21:01 . 2009-05-04 06:51 -------- d-----w c:\program files\Sunbelt Software
2009-04-29 20:58 . 2009-05-08 21:04 -------- d-----w C:\Downloads
2009-04-28 05:29 . 2009-04-28 05:29 -------- d-----w c:\windows\system32\scripting
2009-04-28 05:29 . 2009-04-28 05:29 -------- d-----w c:\windows\l2schemas
2009-04-28 05:29 . 2009-04-28 05:29 -------- d-----w c:\windows\system32\en
2009-04-28 05:29 . 2009-04-28 05:29 -------- d-----w c:\windows\system32\bits
2009-04-28 02:57 . 2009-04-28 02:57 -------- d-----w c:\program files\Common Files\Scanner
2009-04-28 02:56 . 2009-02-16 19:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-28 02:56 . 2009-02-16 19:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-28 02:56 . 2009-02-16 19:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-28 02:56 . 2009-02-16 19:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-28 02:56 . 2007-12-04 18:47 83256 ----a-w c:\windows\system32\vetredir.dll
2009-04-28 02:56 . 2009-02-16 19:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-04-28 02:56 . 2009-02-16 19:16 99568 ----a-w c:\windows\system32\isafeif.dll
2009-04-28 02:56 . 2009-04-28 03:08 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-28 02:56 . 2009-04-28 03:08 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-28 02:56 . 2009-02-18 20:55 1254640 ----a-w c:\windows\system32\cfgmig32.dll
2009-04-28 02:30 . 2008-04-14 00:12 276992 ------w c:\windows\system32\wmphoto.dll
2009-04-28 02:30 . 2008-04-14 00:12 69120 ------w c:\windows\system32\wlanapi.dll
2009-04-28 02:30 . 2008-04-14 00:12 346112 ------w c:\windows\system32\windowscodecsext.dll
2009-04-28 02:30 . 2008-04-14 00:12 712704 ------w c:\windows\system32\windowscodecs.dll
2009-04-28 02:30 . 2008-04-14 00:12 50688 ------w c:\windows\system32\tspkg.dll
2009-04-28 02:30 . 2008-04-14 00:12 53248 ------w c:\windows\system32\tsgqec.dll
2009-04-28 02:28 . 2008-04-13 16:36 144384 ------w c:\windows\system32\drivers\hdaudbus.sys
2009-04-28 02:15 . 2009-04-28 02:15 -------- d-----w c:\program files\Orbitdownloader
2009-04-28 02:15 . 2009-05-08 21:14 -------- d-----w c:\documents and settings\MansourF\Application Data\Orbit
2009-04-28 01:34 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-28 01:30 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-28 01:30 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-28 01:30 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-28 01:28 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-28 01:28 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-28 01:28 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-28 01:28 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-28 01:28 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 01:28 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 01:28 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 01:28 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-28 01:28 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-28 01:28 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 01:28 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 01:28 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 01:27 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-28 01:20 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-28 01:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-28 01:19 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 22:53 . 2006-07-21 09:40 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 22:12 . 2007-06-04 22:17 -------- d-----w c:\program files\Java
2009-04-30 06:03 . 2006-07-23 07:04 -------- d-----w c:\program files\Viewpoint
2009-04-28 05:33 . 2005-09-25 21:16 77423 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-28 03:58 . 2009-03-06 23:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 03:56 . 2009-03-06 23:45 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-28 02:56 . 2007-10-12 01:12 2732032 ----a-w c:\windows\system32\win32cpr.dll
2009-04-28 02:56 . 2007-10-12 01:12 1568870 ----a-w c:\windows\system32\winsflt.dll
2009-04-28 02:56 . 2005-09-25 23:37 -------- d-----w c:\program files\CA
2009-04-28 01:57 . 2008-02-20 07:55 -------- d-----w c:\program files\Google
2009-04-28 01:26 . 2005-09-26 16:46 -------- d-----w c:\program files\Microsoft AntiSpyware
2009-04-15 20:25 . 2009-05-06 06:33 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-06 06:33 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-06 06:33 43528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-05-06 06:33 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-06 06:33 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2009-05-06 06:33 129784 ------w c:\windows\system32\pxafs.dll
2009-04-06 23:34 . 2009-04-06 23:34 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-06 23:34 . 2009-04-06 23:33 -------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-06 23:20 . 2005-09-25 13:57 90112 ----a-w c:\windows\DUMP5553.tmp
2009-04-06 22:32 . 2009-03-06 23:46 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2009-03-06 23:47 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 05:42 . 2009-04-05 05:42 253688 ----a-w c:\windows\system32\cssdll32.dll
2009-04-01 07:29 . 2005-09-25 13:57 90112 ----a-w c:\windows\DUMP4aa5.tmp
2009-03-06 14:22 . 2001-08-18 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2001-08-18 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-09-25 23:27 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2001-08-18 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2003-07-05 19:14 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2001-08-18 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2001-08-18 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2001-08-18 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2001-08-17 13:48 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-14 06:04 . 2007-10-12 01:12 30720 --sha-w c:\windows\rnapxs\Rnapxs.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-06_21.29.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 21:16 . 2009-05-08 21:16 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
+ 2009-05-07 08:09 . 2009-05-07 08:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-20 07:09 . 2009-05-08 21:14 483328 c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-02-20 07:09 . 2009-05-08 21:14 1114112 c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-20 68856]
"Taskbar Hide"="c:\program files\Taskbar Hide\TaskBar.exe" [2008-10-17 402432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"dvHighMem"="c:\windows\cfgmng32.exe" [2008-09-07 11333632]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-16 324848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-12 6729728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-01-31 22:00 79368 ----a-w c:\windows\system32\UmxWNP.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^MansourF^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\MansourF\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [1/5/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [11/18/2008 12:14 PM 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 12:43 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 12:43 PM 55024]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [4/6/2009 12:29 AM 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [12/10/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [12/19/2008 1:59 PM 297464]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [10/11/2007 6:12 PM 823296]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [4/6/2009 4:34 PM 53307]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [4/27/2009 7:57 PM 222448]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/2/2005 11:50 AM 636416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 12:43 PM 7408]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} - hxxp://hosted.timecentre.com/status61/Common/pvcombo.cab
DPF: {80A9E319-C338-4027-B1E2-FB73B54A326F} - hxxp://hosted.timecentre.com/status61/reports/DDExportFiles.CAB
DPF: {A71B416C-CB2C-45F4-A67C-39EA7532FECF} - hxxp://hosted.timecentre.com/status61/reports/ActiveReportExport.CAB
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://hosted.timecentre.com/status61/Common/pvdt80.cab
FF - ProfilePath - c:\documents and settings\MansourF\Application Data\Mozilla\Firefox\Profiles\svq6brue.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 14:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\winsflt.dll
- - - - - - - > 'explorer.exe'(2336)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\winsflt.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\program files\Taskbar Hide\hook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\mdmcls32.exe
c:\windows\system32\mdmcls32.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2009-05-08 14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-08 21:22
ComboFix2.txt 2009-05-06 21:32
Pre-Run: 27,172,597,760 bytes free
Post-Run: 27,526,115,328 bytes free
283 --- E O F --- 2009-04-30 01:13

I haven't seen it pop up in a long time.
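An added example (not from this thread, from ComboFix or from its authors): a small checker that parses the CFScript format from the helper's post above (File::, Driver::, Registry:: sections) and the bracketed sections of the ComboFix log just posted, and reports which of the requested File:: and Driver:: removals the log actually records. Inputs are trimmed copies of the script and log from this thread, embedded inline.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.

Added example; not from the forum thread, from ComboFix or its authors.
Parses the CFScript sections (File::, Driver::, Registry::) and the
'(((( Header ))))' blocks of the log, then reports each requested removal.
"""
import re

# Constructed inputs: trimmed copies of the script and log from this thread.
CFSCRIPT = r'''File::
C:\Documents and Settings\New Folder\Ownerold\Local Settings\Temporary Internet Files\Content.IE5\4CHQNCAG\newmajorse2[1].cab
c:\ac tool\php528kBfbnhide\MngHide\release\bnhide.sys

Driver::
bnhide

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""
'''

COMBOFIX_LOG = r'''.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MansourF\LOCALS~1\Temp\cmd.execf
c:\documents and settings\MansourF\Local Settings\Temp\cmd.execf
c:\documents and settings\New Folder\Ownerold\Local Settings\Temporary Internet Files\Content.IE5\4CHQNCAG\newmajorse2[1].cab
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BNHIDE
-------\Service_bnhide
'''

LOG_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {section_name: [entries]}; a section starts at a 'Name::' line."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {header: [lines]} for the '(((( Header ))))' blocks of a log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = LOG_HEADER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def check_fix(cfscript, log):
    """Map each File:: path and Driver:: name to True when the log shows it
    removed.  Paths compare case-insensitively, as NTFS names do.
    Registry:: lines are not echoed by ComboFix, so they are not checked."""
    script = parse_cfscript(cfscript)
    sections = parse_log_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    services = {s.lower() for s in sections.get("Drivers/Services", [])}
    result = {}
    for path in script.get("file", []):
        result[path] = path.lower() in deleted
    for drv in script.get("driver", []):
        # A removed driver is logged as '-------\Service_<name>'.
        result[drv] = f"-------\\service_{drv.lower()}" in services
    return result


if __name__ == "__main__":
    for item, removed in check_fix(CFSCRIPT, COMBOFIX_LOG).items():
        status = "removed" if removed else "not in log (absent or not found)"
        print(f"{status:>34}: {item}")
```

On this thread's log the cab file and the bnhide driver are reported as removed, while the bnhide.sys path is not listed under Other Deletions, which is the kind of gap worth asking the user about.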
  #19  
Old 8th May 2009, 14:34
Malware Group
 
Hi there

All is looking good log wise.

Just an outdated version of Java to address. Older versions have vulnerabilities that malware can use to infect your system.

Go to Add/Remove programs and uninstall the following:

Java(TM) SE Runtime Environment 6 Update 1

Once done.......

Click Start > select Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will implement some cleanup procedures as well as reset System Restore points.

Now that you appear to be free from malware, let's help you stay that way!

Update Windows on a regular basis - If you do not have automatic updates enabled, then visit Microsoft's Update Page and update your computer from there.
Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.
Keep an eye on your firewall. Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of, then don't be afraid to ask for advice. For more information on firewalls, read this article here.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use SpywareBlaster to help prevent the installation of unwanted BHOs (Browser Helper Objects).

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include the Opera browser and, more recently, the Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files on your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy and Ad-Aware 2007 Free by Lavasoft can help you keep clear. These products are scan-on-demand and do not have active background scanning. These two products can be installed together without any complications.

Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM). Please note that this product can also be run for free without a licence, but the background protection will not be active.

Secure your router
Change your router's default username and password; do not leave it at the factory preset, as doing so makes unauthorised access easy.

Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing the bandwidth you have rightly paid for.

I have also included some security-related articles that I advise you to read through in your own time. These articles will give you tips and advice on preventing malware, and on how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeier

**Kindly respond one more time and let me know if we may consider this thread resolved.
  #20  
Old 8th May 2009, 21:28
Member Group
 
Thanks for all your help. It can be closed.
Copyright ©2006 - 2009 Computer Juice.