stupidPC

Everything posted by stupidPC

  1. One last thing, please: Today, AVG ResidentShield keeps reporting that Trojan Fake AV is detected but inaccessible, but when I run MBAM, it finds nothing. Would that suggest that AVG is malfunctioning? Sometimes my different anti-malware programs pick up different stuff, I've realized. Thanks again.
  2. It seems that they are (crossing fingers) totally fantastic. In addition to getting rid of AV Security, the ComboFix program cured a bunch of other stuff, too! My search links were hijacked for months, and I couldn't access Gmail, and even had a fake version of Google that came up on Mozilla, but those awful symptoms are all gone! Windows Security randomly downloaded something and restarted without my permission, but I think that's okay. Thank you so, so much! You have no idea how happy I am to be able to use real Google and Gmail again. I hope it stays this way! Thanks again. P.S. Can I use "Combo-Fix" again if I get another virus?
  3. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4282

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/6/2010 8:44:39 AM
mbam-log-2010-07-06 (08-44-39).txt

Scan type: Quick scan
Objects scanned: 130613
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  4. Here's the log from ComboFix:

ComboFix 10-07-04.04 - j-dawg 07/05/2010 15:23:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.380 [GMT -8:00]
Running from: c:\documents and settings\j-dawg\Desktop\Combo-Fix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\j-dawg\Application Data\a256fb97-162a-4558-be23-08ae4bbcb195_42.avi
c:\documents and settings\NetworkService\Local Settings\Application Data\cmtaihmyx
c:\documents and settings\NetworkService\Local Settings\Application Data\cmtaihmyx\yuujppstssd.exe
C:\s
c:\windows\PRAGMAvrevxtuidt
c:\windows\PRAGMAvrevxtuidt\PRAGMAd.sys
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\14604.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\PRAGMAbjoqylpssi.dat
c:\windows\system32\PRAGMAbvsefphulq.dat
c:\windows\system32\PRAGMAbvtnemuwor.dat
c:\windows\system32\PRAGMAbwnwecmbdj.dll
c:\windows\system32\PRAGMAbyfquftitu.dat
c:\windows\system32\PRAGMAcqnwjddxmu.log
c:\windows\system32\PRAGMAdtpvyuefwo.dll
c:\windows\system32\PRAGMAefxtcyhgic.dll
c:\windows\system32\PRAGMAeholwwgipv.dll
c:\windows\system32\PRAGMAeqvrviripf.dat
c:\windows\system32\PRAGMAettbqpfvnq.dll
c:\windows\system32\PRAGMAewmeshiqpc.dat
c:\windows\system32\PRAGMAgcktqvnscr.dat
c:\windows\system32\PRAGMAhorvjksinl.dll
c:\windows\system32\PRAGMAhutnvrttkp.dat
c:\windows\system32\PRAGMAidltruxjvu.dll
c:\windows\system32\pragmaidltruxjvu.dll.uss_dis
c:\windows\system32\PRAGMAixrevspikp.dat
c:\windows\system32\PRAGMAjcoclxofax.dll
c:\windows\system32\PRAGMAjkcjmpkggx.dll
c:\windows\system32\PRAGMAkjwkdlyoya.dll
c:\windows\system32\PRAGMAktvvmgksao.dll
c:\windows\system32\pragmaktvvmgksao.dll.uss_dis
c:\windows\system32\PRAGMAlpnrtuodym.dll
c:\windows\system32\PRAGMAlvjgavklqu.dll
c:\windows\system32\PRAGMAmcxfkfeymq.dll
c:\windows\system32\PRAGMAmqwefjnwhx.dat
c:\windows\system32\PRAGMAmtympqjpwt.dat
c:\windows\system32\PRAGMAnwxnfqstid.dat
c:\windows\system32\PRAGMApbavvbxdow.dll
c:\windows\system32\PRAGMApevsrvlftn.dat
c:\windows\system32\PRAGMApinlkyxetb.dat
c:\windows\system32\PRAGMApmituomirc.dll
c:\windows\system32\PRAGMApqfwbdrhvp.dat
c:\windows\system32\PRAGMApromohrfcx.log
c:\windows\system32\PRAGMAputejuevts.dll
c:\windows\system32\PRAGMAqecvsnbfta.dat
c:\windows\system32\PRAGMAqjgqxtnptn.dat
c:\windows\system32\PRAGMArarixswqhi.dll
c:\windows\system32\PRAGMAsieviycykc.dat
c:\windows\system32\PRAGMAsqciqxolns.dat
c:\windows\system32\PRAGMAtgrcsttxhp.dll
c:\windows\system32\PRAGMAtputowxtgv.dll
c:\windows\system32\PRAGMAtqvijconog.dll
c:\windows\system32\PRAGMAvpdttfdibc.dat
c:\windows\system32\PRAGMAwtmkytwpnm.dll
c:\windows\system32\PRAGMAwyllsnobap.log
c:\windows\system32\PRAGMAxbquansyhd.dll
c:\windows\system32\PRAGMAxmxlcnxqve.dat
c:\windows\system32\PRAGMAycvivrqrns.dat
c:\windows\system32\PRAGMAyhfbecapwm.dll
c:\windows\system32\PRAGMAyrwlmoiybs.log
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PRAGMAd.sys
-------\Legacy_PRAGMAVREVXTUIDT
-------\Service_PRAGMAvrevxtuidt

((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.
2010-07-05 19:21 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 19:21 . 2010-07-05 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 19:21 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-16 16:22 . 2010-06-16 16:22 -------- d-----w- c:\documents and settings\j-dawg\Application Data\SUPERAntiSpyware.com
2010-06-16 16:22 . 2010-06-16 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-16 16:20 . 2010-06-16 16:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-16 16:16 . 2010-06-16 16:16 -------- d-----w- c:\documents and settings\j-dawg\Local Settings\Application Data\Help
2010-06-10 02:43 . 2010-06-10 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-06 03:17 . 2010-06-06 03:17 96512 ----a-w- c:\windows\system32\drivers\hafcqatd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 19:15 . 2010-04-20 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-05 18:29 . 2010-04-22 04:46 0 ----a-w- c:\documents and settings\j-dawg\Local Settings\Application Data\prvlcl.dat
2010-07-01 03:24 . 2010-06-16 16:23 63488 ----a-w- c:\documents and settings\j-dawg\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-01 03:24 . 2010-06-16 16:23 117760 ----a-w- c:\documents and settings\j-dawg\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-16 16:23 . 2010-06-16 16:23 52224 ----a-w- c:\documents and settings\j-dawg\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-11 18:07 . 2007-11-02 02:50 119512 ----a-w- c:\documents and settings\j-dawg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-08 03:26 . 2009-08-20 20:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-03 10:51 . 2009-12-18 03:39 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-06-03 10:51 . 2009-02-26 14:34 111232 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-06-03 10:50 . 2009-02-26 14:35 38912 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2010-06-02 17:28 . 2010-04-20 03:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 17:28 . 2010-04-20 03:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 05:41 . 2010-05-30 05:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-05-25 07:56 . 2010-05-25 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-04-20 10:09 . 2010-05-11 03:12 30552 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\Uninstaller.exe
2010-04-20 03:39 . 2010-04-20 03:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-20 03:39 . 2010-04-20 03:39 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 22:30 . 2007-11-02 03:07 54056 ----a-w- c:\documents and settings\j-dawg\Application Data\wklnhst.dat
2010-04-12 05:41 . 2009-11-13 02:16 79488 ----a-w- c:\documents and settings\j-dawg\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 18:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-10-23 26112]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 1862144]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-23 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-23 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-2 245760]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-23 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-20 03:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1193153808\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\j-dawg\\Desktop\\FileFormatConverters.exe"=
"c:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavMain.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/19/2010 7:39 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/19/2010 7:39 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2/26/2009 6:34 AM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2/26/2009 6:35 AM 38912]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/19/2010 7:38 PM 308064]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/28/2009 10:16 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [9/30/2008 4:31 AM 98304]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/3/2007 8:56 AM 24652]
S1 nsqygjmw;nsqygjmw;\??\c:\windows\system32\drivers\nsqygjmw.sys --> c:\windows\system32\drivers\nsqygjmw.sys [?]
S1 xkmeailf;xkmeailf;\??\c:\windows\system32\drivers\xkmeailf.sys --> c:\windows\system32\drivers\xkmeailf.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2010 3:08 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/19/2010 7:39 PM 430152]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\j-dawg\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\j-dawg\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [9/30/2008 4:33 AM 14976]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 23:08]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\j-dawg\Application Data\Mozilla\Firefox\Profiles\6eci0mio.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - proxy.library.ubc.ca
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\j-dawg\Application Data\Mozilla\Firefox\Profiles\6eci0mio.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{AE6DF15C-242C-41FB-BA83-16FB08FD4977} - c:\windows\system32\winnc75.dll
WebBrowser-{AE6DF15C-242C-41FB-BA83-16FB08FD4977} - c:\windows\system32\winnc75.dll
HKCU-Run-a256fb97-162a-4558-be23-08ae4bbcb195_42 - c:\documents and settings\j-dawg\Application Data\a256fb97-162a-4558-be23-08ae4bbcb195_42.avi
SharedTaskScheduler-{792ef84a-8ba5-407e-877d-4ec92c4105f8} - (no file)
SSODL-sovenirol-{792ef84a-8ba5-407e-877d-4ec92c4105f8} - (no file)
AddRemove-BFG-Diner Dash: Hometown Hero - c:\program files\Diner Dash Hometown Hero\Uninstall.exe
AddRemove-Mozilla Firefox (2.0.0.12) - e:\portapps\PortableApps\FirefoxPortable\App\firefox\uninstall\helper.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 15:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(9024)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\wpdshext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-05 15:49:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 23:49

Pre-Run: 5,513,543,680 bytes free
Post-Run: 8,186,671,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6480967A7290A84AB51356ABC7236876
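The log above carries the indicators a responder would pull out first: executables in system32 named only with digits, the PRAGMA-prefixed files and driver, a disinfected atapi.sys, Internet Explorer routed through a proxy on 127.0.0.1, the Windows Firewall standard profile switched off, Security Center monitoring disabled, and driver services whose image file could not be read. The script below is an added triage example, not part of this thread and not ComboFix, MBAM or any vendor's code; it runs those checks over log text. The sample lines are constructed from entries in the posted log, with a few benign AVG, SUPERAntiSpyware and Google entries included as controls; the indicator names and severities are this example's own choices.

```python
"""Triage a ComboFix-style log for the indicators seen in the posted log.

Added example for this thread. It is not part of the original posts and is
not ComboFix, MBAM or vendor code; indicator names, severities and the
sample lines are this example's own constructions.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on entries from the posted log (not the full log).
# The AVG, SUPERAntiSpyware and Google lines are benign controls.
SAMPLE_LOG = r"""
c:\windows\system32\11478.exe
c:\windows\system32\PRAGMAbwnwecmbdj.dll
c:\windows\PRAGMAvrevxtuidt\PRAGMAd.sys
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
uInternet Settings,ProxyServer = http=127.0.0.1:5577
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
S1 nsqygjmw;nsqygjmw;\??\c:\windows\system32\drivers\nsqygjmw.sys --> c:\windows\system32\drivers\nsqygjmw.sys [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/19/2010 7:39 PM 216200]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]
uStart Page = hxxp://www.google.com/
"""

# Each indicator: (severity, compiled pattern). Group 1, when present, is the
# value worth reporting; otherwise the whole matching line is reported.
INDICATORS = {
    # Dropper leftovers: executables in system32 whose name is only digits.
    "numeric_exe_in_system32": ("HIGH", re.compile(
        r"(c:\\windows\\system32\\\d+\.exe)\b", re.I)),
    # Rootkit component naming: PRAGMA-prefixed .dll/.dat/.sys/.log files.
    "pragma_named_files": ("HIGH", re.compile(
        r"(\\pragma[a-z]+\.(?:dll|dat|sys|log))\b", re.I)),
    # A core driver reported as infected (in the posted log: atapi.sys).
    "patched_system_driver": ("HIGH", re.compile(
        r"^Infected copy of (\S+) was found", re.I)),
    # IE sent through a proxy on the local machine: traffic interception.
    "local_http_proxy": ("HIGH", re.compile(
        r"ProxyServer\s*=\s*http=((?:127\.0\.0\.1|localhost):\d+)", re.I)),
    # Windows Firewall standard profile switched off.
    "firewall_disabled": ("MEDIUM", re.compile(
        r'"EnableFirewall"\s*=\s*0\b', re.I)),
    # Security Center told not to monitor a product, so its state is hidden.
    "security_center_monitoring_disabled": ("MEDIUM", re.compile(
        r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.I)),
    # Driver/service entries whose image file could not be read ([?]).
    "service_with_missing_image": ("MEDIUM", re.compile(
        r"^[RS]\d [^;]+;[^;]*;.*\[\?\]\s*$")),
}

SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def triage(log_text):
    """Return {indicator: [values]} for every log line matching an indicator."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        for name, (_severity, pattern) in INDICATORS.items():
            match = pattern.search(line)
            if match:
                findings[name].append(match.group(1) if match.groups() else line.strip())
    return dict(findings)


def report(findings):
    """Render findings as 'SEVERITY indicator: value' lines, worst first."""
    lines = []
    for name, values in findings.items():
        severity = INDICATORS[name][0]
        for value in values:
            lines.append(f"{severity} {name}: {value}")
    lines.sort(key=lambda entry: (SEVERITY_RANK[entry.split()[0]], entry))
    return lines


if __name__ == "__main__":
    for entry in report(triage(SAMPLE_LOG)):
        print(entry)
```

Against the constructed sample this yields five HIGH and three MEDIUM findings and nothing for the AVG, SUPERAntiSpyware or Google control lines. The `[?]` check is a review prompt rather than a verdict: in the full posted log it also fires on the F-Secure online scanner's leftover minifilter entry under Temp, which is a benign remnant, so each hit still needs a look at the path.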
  5. Hi Borislav- Thanks for your help. I really appreciate it. How do I disable Sophos (which is in my toolbar, and has been detected by ComboFix)? Janet
  6. I'm trying really hard to remove AV Security. I first tried AVG (which got some stuff) and SuperAntiSpyware (which seemed to delete it... about four times). Keeps coming back. I followed the instructions on bleepingcomputer to remove it, including running the rkill program (which helps) before running MBAM. However: 1. Whenever I try to run my computer in Safe Mode or Safe Mode with Networking, the boot menu runs through a bunch of commands on screen but ALWAYS freezes at: multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys I think that my inability to get into Safe Mode (for whatever evil reason) is causing.... 2. MBAM crashes towards the end of the scan, each time (though AV never pops up once I've run the rkill), after getting my hopes up by finding 26 items. Please, please help! I work online, and I'm at the end of my rope. This one is tricky as *bleep*.