Jump to content

Pyro101

Honorary Members
 View Profile  See their activity

  • Posts

    33

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Pyro101
    My mouse still double-clicks a lot, but aside from that, all's good! Thanks again LDTate!
  2. Pyro101
    ComboFix 10-11-27.01 - Ben 11/28/2010 12:50:51.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.568 [GMT -5:00] Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt AV: Norton Security Suite *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 ))))))))))))))))))))))))))))))) . 2010-11-25 01:56 . 2010-11-25 01:56 -------- d-----w- c:\program files\ESET 2010-11-16 02:41 . 2010-11-16 03:16 -------- d-----w- c:\windows\system32\XPSViewer 2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\program files\MSBuild 2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\program files\Reference Assemblies 2010-11-16 02:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-11-16 02:40 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-11-16 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-11-16 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-11-16 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-11-16 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-11-16 02:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-11-16 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-11-16 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-11-14 15:02 . 2010-11-14 15:03 -------- d-----w- c:\program files\DYMO Scale Manager 2010-11-11 03:31 . 2010-11-11 03:36 -------- d-----w- c:\program files\Magic Workstation 2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 16:23 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-10 20:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-10 20:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 09:50 . 2010-08-27 21:00 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 07:29 . 2010-08-27 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-10 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-10 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-09-01 11:51 . 2004-08-10 20:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2005-03-02 01:06 1852800 ----a-w- c:\windows\system32\win32k.sys 2008-09-03 01:21 . 2008-09-03 01:20 1567232 ----a-w- c:\program files\SteamInstall.msi 2006-08-14 15:03 . 2006-08-14 15:03 774144 ----a-w- c:\program files\RngInterstitial.dll . ------- Sigcheck ------- [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll c:\windows\System32\sfcfiles.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim"="c:\program files\AIM\aim.exe" [2006-08-01 67112] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "nwiz"="nwiz.exe" [2007-09-17 1626112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 393216] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 45056] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456] "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016] "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-05-01 1042000] c:\documents and settings\Sam\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\Ben\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-4-14 947544] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984] Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Iomega\\DriveIcons\\IomUpdateIcons.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"= "c:\\WINDOWS\\ehome\\ehRec.exe"= "c:\\WINDOWS\\system32\\regsvr32.exe"= "c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM7\\aim.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 1:23 PM 161064] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/26/2010 11:04 PM 117640] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [?] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys [?] S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?] S1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys [?] S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 12:39 PM 283904] S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [10/17/2010 3:18 PM 816672] S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 8:28 AM 43392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 6:37 PM 102448] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2/1/2007 3:39 PM 31872] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 3:52 PM 120168] . Contents of the 'Scheduled Tasks' folder 2010-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-11-28 c:\windows\Tasks\User_Feed_Synchronization-{8C6AE620-BD03-431F-AF31-A0E9A36DF361}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/library/app/feedback/?Md5=0337F4162BC241726590604ECC11524C&hwid=23E15AC501525BDD IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\ibh42uoc.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - prefs.js: network.proxy.type - 0 FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-28 13:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2BC9C452-BB57-4896-A9A2-64611E06C9AA}\Implemented Categories\{00021493-0000-0000-C000-000000000046}] @DACL=(02 0000) @="" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(2056) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Iomega\DriveIcons\IMGHOOK.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\Iomega\System32\AppServices.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\SearchIndexer.exe c:\program files\Iomega\AutoDisk\ADService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Pure Networks\Network Magic\nmsrvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\windows\eHome\ehmsas.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\SearchProtocolHost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . Completion time: 2010-11-28 13:11:46 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-28 18:11 ComboFix2.txt 2010-11-26 17:53 ComboFix3.txt 2010-08-25 19:25 Pre-Run: 41,996,566,528 bytes free Post-Run: 42,139,078,656 bytes free - - End Of File - - CAC697FFAB5187F6DC430F0D74E92601
  3. Pyro101
    ComboFix 10-11-25.06 - Ben 11/26/2010 12:36:33.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.453 [GMT -5:00] Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Norton Security Suite *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\notepad.exe c:\windows\system32\arp.exe . ((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 ))))))))))))))))))))))))))))))) . 2010-11-25 01:56 . 2010-11-25 01:56 -------- d-----w- c:\program files\ESET 2010-11-16 02:41 . 2010-11-16 03:16 -------- d-----w- c:\windows\system32\XPSViewer 2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\program files\MSBuild 2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\program files\Reference Assemblies 2010-11-16 02:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-11-16 02:40 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-11-16 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-11-16 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-11-16 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-11-16 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-11-16 02:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-11-16 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-11-16 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-11-14 15:02 . 2010-11-14 15:03 -------- d-----w- c:\program files\DYMO Scale Manager 2010-11-11 03:31 . 2010-11-11 03:36 -------- d-----w- c:\program files\Magic Workstation 2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-23 02:26 . 2010-08-23 19:06 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 14:26 . 2010-08-23 19:06 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-18 16:23 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-10 20:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-10 20:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 09:50 . 2010-08-27 21:00 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 07:29 . 2010-08-27 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-10 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-10 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-09-01 11:51 . 2004-08-10 20:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2005-03-02 01:06 1852800 ----a-w- c:\windows\system32\win32k.sys 2008-09-03 01:21 . 2008-09-03 01:20 1567232 ----a-w- c:\program files\SteamInstall.msi 2006-08-14 15:03 . 2006-08-14 15:03 774144 ----a-w- c:\program files\RngInterstitial.dll . ------- Sigcheck ------- [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll c:\windows\System32\sfcfiles.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim"="c:\program files\AIM\aim.exe" [2006-08-01 67112] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "nwiz"="nwiz.exe" [2007-09-17 1626112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 393216] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 45056] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456] "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016] "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-05-01 1042000] c:\documents and settings\Sam\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\Ben\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-4-14 947544] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984] Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Iomega\\DriveIcons\\IomUpdateIcons.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"= "c:\\WINDOWS\\ehome\\ehRec.exe"= "c:\\WINDOWS\\system32\\regsvr32.exe"= "c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM7\\aim.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2010 2:06 PM 135336] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 1:23 PM 161064] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/26/2010 11:04 PM 117640] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [?] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys [?] S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?] S1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys [?] S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 12:39 PM 283904] S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [10/17/2010 3:18 PM 816672] S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 8:28 AM 43392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 6:37 PM 102448] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2/1/2007 3:39 PM 31872] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 3:52 PM 120168] . Contents of the 'Scheduled Tasks' folder 2010-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-11-26 c:\windows\Tasks\User_Feed_Synchronization-{8C6AE620-BD03-431F-AF31-A0E9A36DF361}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/library/app/feedback/?Md5=0337F4162BC241726590604ECC11524C&hwid=23E15AC501525BDD uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\ibh42uoc.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-26 12:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2BC9C452-BB57-4896-A9A2-64611E06C9AA}\Implemented Categories\{00021493-0000-0000-C000-000000000046}] @DACL=(02 0000) @="" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . Completion time: 2010-11-26 12:53:19 ComboFix-quarantined-files.txt 2010-11-26 17:53 ComboFix2.txt 2010-08-25 19:25 Pre-Run: 41,317,580,800 bytes free Post-Run: 41,991,872,512 bytes free - - End Of File - - DBB589AF22E9938249E936F2C2BB3E43
  4. Pyro101
    No good. Still blanks after a few hours. Could it just be old?
  5. Pyro101
    ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=4f42d6e4ba084247bcd663e7fa30ce1f # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-11-25 03:03:39 # local_time=2010-11-24 10:03:39 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 49706823 49706823 0 0 # compatibility_mode=1536 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 93 0 48800603 0 0 # compatibility_mode=3584 16777195 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=107150 # found=2 # cleaned=2 # scan_time=3513 C:\Documents and Settings\Sam\My Documents\Sam's Awesome Folder\Sam's Work Folder\Install_AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Sam\My Documents\Sam's Awesome Folder\Sam's Work Folder\Writings\received\Install_AIM.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
  6. Pyro101
    Yeah, my Dad just thinks my computer is really old. So, when it finished updating, I got the following message: "Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]" Where on the website do I go to find the scanner?
  7. Pyro101
    So, I ran Malware Bytes, and it came up with two infected items. I clicked to remove them, it said that it did, and then a warning window popped up about how I can't make a log or something because of something but - surprise, surprise - the text disappeared. Really inconvinient. It said I needed to restart to finish the process so I did, but of course it didn't save a log for some reason. So I ran it again, found no infected stuff. Make of it what you will (As a side note, I forgot to mention that my mouse seems to double-click a lot so it's hard to navigate menus on the internet sometimes - but that may just be a sensitive mouse. Still, something worth considering as a symptom): Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5178 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/23/2010 8:52:00 PM mbam-log-2010-11-23 (20-52-00).txt Scan type: Quick scan Objects scanned: 202544 Time elapsed: 11 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. Pyro101
    So I've done everything up to downloading Malware Bytes because I wanted to ask you: is it alright if I have it from a previous help session as long as I update it? And if so, do I still have to rename it, or should I just tell you that I already have it?
  9. Pyro101
    Hello again. I believe this is my fourth time here or something. I promise I take good care of my computer! xP Anyway, the problem is kinda hard to explain: when my computer's been on for about 3 hours or so, it starts to wipe text away. I mean wipe. If you try to highlight something, the text disappears, with the page intact. Then tabs start to vanish, the internet freezes, and I can't run any programs because of some warning I can't read because the text isn't there. When I restart the computer it goes away, only to start happening again in a few hours. Sometimes I think it almost reverts back to an older version of Windows or something. I just went from wireless to a connection straight into the router, and while I doubt this is the cause, nothing like this happened before that. So, in summation, I don't know what's wrong with my computer, and I would really like to fix it. Thank you!
  10. Pyro101
    Thank you so much Borislav!
  11. Pyro101
    Thank you for all your help Borislav! Only one more question. It seems I saved the shortcut to GMER to my desktop, but I can't find where I saved the actual program. Does it say anywhere in the previous logs where I saved it? And if it doesn't, how can I find it?
  12. Pyro101
    Everything seems to be working properly. You removed Norton, yes? Some Flash based things seems slower without Java (of course), but aside from that it all runs pretty smoothly.
  13. Pyro101
    Thanks for everything by the way. Combofix rebooted my computer to finish the log. It said "don't run any other programs until this is finished", but my computer has some automatic processes when it starts up. I don't know if they matter or if they're in the log or what. Just thought I should mention it. Also, I tried posting the log, but the site said the post was too long so I just attached it. Is that okay? Combofix.txt
  14. Pyro101
    I believe IE is working again now! Thank you. Anything else I need to do? Any looming problems?
  15. Pyro101
    JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue May 19 22:56:45 2009 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: SOFTWARE\Classes\JavaPlugin.150_05 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_09 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: Software\Classes\JavaPlugin.160_01 ------------------------------------ Finished reporting. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Aug 24 18:46:43 2010 Found and removed: C:\Documents and Settings\Ben\Application Data\Sun\Java\jre1.6.0_12 Found and removed: C:\Documents and Settings\Ben\Application Data\Sun\Java\jre1.6.0_14 Found and removed: C:\Documents and Settings\Ben\Application Data\Sun\Java\jre1.6.0_15 Found and removed: C:\Documents and Settings\Ben\Application Data\Sun\Java\jre1.6.0_17 Found and removed: C:\Documents and Settings\Ben\Application Data\Sun\Java\jre1.6.0_19 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_13 Found and removed: Software\Classes\JavaPlugin.160_13 Found and removed: Software\Classes\JavaPlugin.160_19 JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Aug 24 18:46:58 2010 ------------------------------------ Finished reporting. ComboFix 10-08-24.07 - Ben 08/24/2010 20:03:53.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.350 [GMT -4:00] Running from: c:\documents and settings\Ben\Desktop\Combo-Fix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Norton Security Suite *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 ))))))))))))))))))))))))))))))) . 2010-08-23 19:09 . 2010-08-23 19:09 -------- d-----w- c:\documents and settings\Ben\Application Data\Avira 2010-08-23 19:06 . 2010-08-23 19:06 -------- d-----w- c:\program files\Avira 2010-08-23 19:06 . 2010-08-23 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-08-23 19:06 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-08-23 19:06 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-08-23 19:06 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-08-23 19:06 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-08-14 00:46 . 2010-08-14 00:48 -------- dc-h--w- c:\windows\ie8 2010-08-02 22:51 . 2010-08-02 22:51 -------- d-sh--w- c:\documents and settings\Dad\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-24 22:52 . 2009-05-20 21:00 -------- d-----w- c:\program files\CCleaner 2010-08-24 22:50 . 2006-04-17 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-08-15 22:19 . 2010-08-15 22:19 61440 ----a-w- c:\documents and settings\Leah\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-370aa321-n\decora-sse.dll 2010-08-15 22:19 . 2010-08-15 22:19 503808 ----a-w- c:\documents and settings\Leah\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fcdbbd-n\msvcp71.dll 2010-08-15 22:19 . 2010-08-15 22:19 499712 ----a-w- c:\documents and settings\Leah\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fcdbbd-n\jmc.dll 2010-08-15 22:19 . 2010-08-15 22:19 348160 ----a-w- c:\documents and settings\Leah\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-78fcdbbd-n\msvcr71.dll 2010-08-15 22:19 . 2010-08-15 22:19 12800 ----a-w- c:\documents and settings\Leah\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-370aa321-n\decora-d3d.dll 2010-08-15 22:16 . 2006-07-01 16:30 313528 ----a-w- c:\documents and settings\Leah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-14 01:03 . 2007-10-12 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-12 02:16 . 2010-02-27 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-08-07 13:43 . 2010-08-07 13:43 61440 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7c264e01-n\decora-sse.dll 2010-08-07 13:43 . 2010-08-07 13:43 12800 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7c264e01-n\decora-d3d.dll 2010-08-07 13:43 . 2010-08-07 13:43 503808 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-200fa02f-n\msvcp71.dll 2010-08-07 13:43 . 2010-08-07 13:43 499712 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-200fa02f-n\jmc.dll 2010-08-07 13:43 . 2010-08-07 13:43 348160 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-200fa02f-n\msvcr71.dll 2010-07-14 16:40 . 2010-07-14 16:40 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS 2010-07-03 02:26 . 2007-06-21 20:57 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-30 12:31 . 2004-08-10 20:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2005-03-02 01:06 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2005-05-10 00:17 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-20 02:57 . 2010-06-20 02:57 311296 ----a-w- c:\windows\~DF88DE.tmp 2010-06-17 14:03 . 2004-08-10 20:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2004-08-10 20:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-10 20:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2008-09-03 01:21 . 2008-09-03 01:20 1567232 ----a-w- c:\program files\SteamInstall.msi 2006-08-14 15:03 . 2006-08-14 15:03 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim"="c:\program files\AIM7\aim.exe" [2010-04-19 3972440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "nwiz"="nwiz.exe" [2007-09-17 1626112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 393216] "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 45056] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456] "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016] "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-20 53248] c:\documents and settings\Ben\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-4-14 947544] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984] Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Iomega\\DriveIcons\\IomUpdateIcons.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"= "c:\\WINDOWS\\ehome\\ehRec.exe"= "c:\\WINDOWS\\system32\\regsvr32.exe"= "c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM7\\aim.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/27/2010 12:05 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/27/2010 12:05 AM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/27/2010 12:05 AM 482432] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2010 3:06 PM 135336] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/27/2010 12:04 AM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 7:37 PM 102448] S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100805.004\IDSXpx86.sys [8/5/2010 11:36 PM 331640] S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 1:39 PM 283904] S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 9:28 AM 43392] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2/1/2007 4:39 PM 31872] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168] . Contents of the 'Scheduled Tasks' folder 2010-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{8C6AE620-BD03-431F-AF31-A0E9A36DF361}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/library/app/feedback/?Md5=0337F4162BC241726590604ECC11524C&hwid=23E15AC501525BDD uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\ibh42uoc.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-SmartSoft Video Converter_is1 - c:\program files\SmartSoftVideoConverter\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-24 20:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2BC9C452-BB57-4896-A9A2-64611E06C9AA}\Implemented Categories\{00021493-0000-0000-C000-000000000046}] @DACL=(02 0000) @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(792) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3876) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Iomega\DriveIcons\IMGHOOK.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-08-24 20:15:39 ComboFix-quarantined-files.txt 2010-08-25 00:15 Pre-Run: 39,196,581,888 bytes free Post-Run: 39,220,715,520 bytes free - - End Of File - - CDC43DB561B782CA4141949644162181
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.