Recently had malware

  1. #11
    Yuki (Full Member)

    re: Recently had malware

    ComboFix 10-07-23.04 - Brandon 07/28/2010 12:40:00.9.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.603 [GMT -7:00]
    Running from: c:\documents and settings\Brandon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brandon\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\system32\ezsidmv.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
    .

    2010-10-21 19:16 . 2009-11-25 18:12 56832 ----a-w- c:\documents and settings\Brandon\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
    2010-10-21 19:16 . 2010-04-21 22:46 59209 ----a-w- c:\documents and settings\Brandon\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
    2010-10-21 19:16 . 2009-11-25 18:12 42496 ----a-w- c:\documents and settings\Brandon\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
    2010-10-21 19:16 . 2010-02-16 18:57 197632 ----a-w- c:\documents and settings\Brandon\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
    2010-10-21 04:55 . 2010-10-21 06:35 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\kdbemasbr
    2010-10-21 04:54 . 2010-10-21 04:54 -------- d-----w- c:\documents and settings\Brandon\Application Data\090CB9AF0895EE878659EC59B3E9A821
    2010-07-24 22:02 . 2004-08-04 11:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
    2010-07-24 22:02 . 2004-08-04 11:00 8832 ----a-w- c:\windows\system32\dllcache\rasacd.sys
    2010-07-24 06:53 . 2010-07-24 06:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-15 18:33 . 2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-13 21:47 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 07:11 . 2010-07-13 07:26 -------- d-----w- c:\documents and settings\Brandon\ResetGeneration
    2010-07-11 09:19 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-11 09:19 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-11 08:40 . 2010-07-11 10:25 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\htmbldpvm
    2010-07-08 05:14 . 2010-07-28 07:05 -------- d-----w- c:\documents and settings\Brandon\Application Data\skypePM
    2010-07-08 05:14 . 2010-07-28 10:32 -------- d-----w- c:\documents and settings\Brandon\Application Data\Skype
    2010-07-08 05:12 . 2010-07-08 05:12 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-08 05:12 . 2010-07-08 05:13 -------- d-----r- c:\program files\Skype
    2010-07-08 05:11 . 2010-07-08 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-06 07:39 . 2010-07-06 07:44 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Sony
    2010-07-06 07:16 . 2010-07-06 07:44 -------- d-----w- c:\program files\Common Files\Sony Shared
    2010-07-06 07:16 . 2010-07-06 07:16 10134 ----a-r- c:\documents and settings\Brandon\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
    2010-07-06 07:15 . 2010-07-06 07:15 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Downloaded Installations
    2010-07-06 07:15 . 2010-07-06 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2010-07-06 07:15 . 2010-07-06 07:16 -------- d-----w- c:\program files\Sony
    2010-07-06 07:08 . 2010-07-06 07:27 -------- d-----w- c:\documents and settings\Brandon\Application Data\Sony
    2010-07-05 06:19 . 2010-07-05 06:19 -------- d-----w- c:\program files\Outsim

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-26 05:24 . 2009-06-19 02:44 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
    2010-07-25 02:25 . 2010-04-21 22:46 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-07-24 06:52 . 2010-01-21 18:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-15 18:33 . 2009-05-23 01:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 18:24 . 2009-05-23 01:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-11 10:35 . 2010-01-25 14:46 1 ----a-w- c:\documents and settings\Brandon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-11 09:19 . 2009-04-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-05 06:26 . 2007-10-24 03:42 -------- d-----w- c:\program files\Image-Line
    2010-07-05 06:21 . 2007-10-24 04:11 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-07-05 06:21 . 2007-10-24 03:44 -------- d-----w- c:\program files\VstPlugins
    2010-06-30 06:49 . 2010-04-22 20:32 439816 ----a-w- c:\documents and settings\Brandon\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-28 09:25 . 2007-11-21 02:07 -------- d-----w- c:\program files\FLV Player
    2010-06-23 21:07 . 2006-12-14 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-14 14:31 . 2004-08-11 23:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-12 04:28 . 2010-01-26 07:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\Azureus
    2010-06-12 01:59 . 2009-03-10 06:09 -------- d-----w- c:\program files\NCH Software
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\31720\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\31720\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\31720\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\31720\AcrobatUpdater.exe
    2010-06-04 07:43 . 2010-06-04 07:43 -------- d-----w- c:\program files\Ultra Video Splitter
    2010-06-04 07:25 . 2010-06-04 07:21 -------- d-----w- c:\program files\Fx Splitter
    2010-06-04 06:49 . 2010-02-06 22:59 50354 ----a-w- c:\documents and settings\Brandon\Application Data\Facebook\uninstall.exe
    2010-06-04 06:48 . 2010-02-06 22:59 -------- d-----w- c:\documents and settings\Brandon\Application Data\Facebook
    2010-06-04 06:33 . 2010-06-04 06:33 -------- d-----w- c:\program files\Easy Video Splitter
    2010-06-03 08:04 . 2010-06-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2010-06-03 08:04 . 2010-06-03 08:03 -------- d-----w- c:\program files\AIM
    2010-06-03 08:03 . 2010-06-03 08:03 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-06-02 19:42 . 2007-07-19 00:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\documents and settings\Brandon\Application Data\pcouffin.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\documents and settings\Brandon\Application Data\pcouffin.sys
    2010-05-04 17:20 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2006-05-03 10:06 . 2007-02-06 04:09 163328 --sh--r- c:\windows\system32\flvDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-04 2937528]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "Google Update"="c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-30 136176]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-15 2065760]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\Boot Skin.exe" [2004-04-26 270336]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 185896]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

    c:\documents and settings\Brandon\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-01-28 03:47 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-06-22 06:23 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Last.fm\\LastFM.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brandon\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14868:TCP"= 14868:TCP:BitComet 14868 TCP
    "14868:UDP"= 14868:UDP:BitComet 14868 UDP
    "27754:TCP"= 27754:TCP:*isabled:SolidNetworkManager
    "27754:UDP"= 27754:UDP:*isabled:SolidNetworkManager
    "58193:TCP"= 58193:TCP:Pando Media Booster
    "58193:UDP"= 58193:UDP:Pando Media Booster

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 6:18 PM 243024]
    R3 Neo_Yukichin;SoftEther VPN Client 2.0 Device Driver - Yukichin;c:\windows\system32\drivers\Neo_Yukichin.sys [1/10/2008 3:01 PM 15232]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 6:18 PM 216400]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2010 11:32 AM 308136]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2007 7:06 PM 722416]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MDMXSDK
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:05]

    2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

    2010-05-16 c:\windows\Tasks\expressburnSevenDaysInit.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-05-26 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006Core.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]

    2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006UA.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} - hxxp://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} - hxxp://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://hikaruforums.net/
    FF - component: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox 3.5 Beta 4\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\Panda Software\ActiveScan2\npwrapper.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-28 12:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2010-07-28 12:54:24
    ComboFix-quarantined-files.txt 2010-07-28 19:54
    ComboFix2.txt 2010-07-25 21:42
    ComboFix3.txt 2010-07-25 02:54

    Pre-Run: 4,112,949,248 bytes free
    Post-Run: 4,093,472,768 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 27E2C1FED407951079F00A426B75F234


  2. #12
    broni (Senior Member)
    Good

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
