Serious Firefox Infection


I have been a dedicated user of Malwarebytes and a user of Mozilla Firefox. Over the last couple of weeks I have picked up a virus that seems to infect Firefox and redirects all Google searches to sites that download serious malware onto the computer. Even something as simple as clicking on a link to Wikipedia will lead me to a malware site. Some of these downloads are incredibly nasty. These in themselves are sortable and able to be picked up, but I need to get rid of whatever it is that is attached to Firefox, as it is not registering as being picked up by Malwarebytes.

I am not a big tech, just a casual user. Can someone help me get rid of this problem? Or better still, can Malwarebytes add something to their identification library that will pick up this Firefox bug and delete it? Please don't force me to have to go back to using IE Explorer.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Everyone Else at 19:25:52.42 on 27/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.77 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Documents and Settings\Everyone Else\My Documents\Defogger.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Everyone Else\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.moria.co.nz/

uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html

uDefault_Page_URL = hxxp://www.dell.ca/myway

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [setDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175715926328

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\everyo~1\applic~1\mozilla\firefox\profiles\se7t3lqv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\npdeploytk.dll

FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-12 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-12 29512]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-12 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]

=============== Created Last 30 ================

2010-03-28 02:24:56 0 ----a-w- c:\documents and settings\everyone else\defogger_reenable

2010-03-27 22:47:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-27 22:47:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-27 22:47:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-23 14:13:54 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure

2010-03-23 14:10:58 0 d-----w- c:\docume~1\alluse~1\applic~1\FileCure

2010-03-23 14:08:21 754 ----a-w- c:\windows\WORDPAD.INI

2010-03-12 16:11:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-10 23:14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-08 11:18:57 0 d-----r- c:\docume~1\everyo~1\applic~1\Brother

==================== Find3M ====================

2010-03-27 16:00:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-27 16:00:23 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys

2010-03-12 16:11:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-12 16:09:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-09 07:04:05 10417688 ----a-w- C:\VeohWebPlayerSetup_eng.exe

2010-01-06 21:01:10 6667584 ----a-w- c:\program files\DivXWebPlayerInstaller.exe

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2007-10-10 22:13:16 88 --sh--r- c:\windows\system32\C517B5A39F.sys

2007-10-10 22:13:18 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-08-28 07:07:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 19:28:18.23 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 14/05/2006 3:06:09 PM

System Uptime: 27/03/2010 7:21:58 PM (0 hours ago)

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 98.837 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 298 GiB total, 224.949 GiB free.

F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.1.0

AVG Free 9.0

Brother MFL-Pro Suite

Choice Guard

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

DellSupport

Digital Content Portal

DivX Plus Web Player

Encyclop


Hello goatlover! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install any software or hardware while we are working.

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.


Hi Maniac,

Here's the ComboFix file. I had major problems switching off the AVG Free version while running it. Even though I completely disabled it, aspects kept starting back up, even after I ended their processes in Task Manager.

ComboFix 10-03-28.02 - Everyone Else 29/03/2010 0:12.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.197 [GMT -7:00]

Running from: c:\documents and settings\Everyone Else\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))

.

2010-03-28 05:53 . 2010-03-28 06:24 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\FreeFixer

2010-03-28 05:53 . 2010-03-28 05:53 -------- d-----w- c:\documents and settings\Everyone Else\Local Settings\Application Data\FreeFixer

2010-03-28 05:53 . 2010-03-28 05:53 -------- d-----w- c:\program files\FreeFixer

2010-03-28 05:28 . 2010-03-28 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-03-28 05:28 . 2010-03-28 05:28 -------- d-----w- c:\program files\IObit

2010-03-27 22:47 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-27 22:47 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-27 22:47 . 2010-03-27 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-15 00:46 . 2010-03-15 00:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-03-12 16:11 . 2010-03-12 16:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-10 23:14 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-08 11:18 . 2010-03-08 11:18 -------- d-----r- c:\documents and settings\Everyone Else\Application Data\Brother

2010-03-02 07:30 . 2010-03-02 08:38 -------- d-----w- c:\documents and settings\Everyone Else\Local Settings\Application Data\gilkjo

2010-02-28 22:48 . 2010-02-28 22:48 -------- d-----w- c:\program files\Microsoft Silverlight

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-29 07:29 . 2009-11-01 18:21 0 ----a-w- c:\documents and settings\Everyone Else\Local Settings\Application Data\prvlcl.dat

2010-03-29 06:56 . 2009-10-31 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-27 16:00 . 2004-08-04 03:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-24 09:04 . 2010-03-23 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure

2010-03-23 14:10 . 2010-03-23 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure

2010-03-23 13:32 . 2009-10-14 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox

2010-03-23 11:30 . 2010-03-23 11:47 195328 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-03-15 01:10 . 2010-03-15 01:10 -------- d-----w- c:\documents and settings\Everyone Else_2\Application Data\Malwarebytes

2010-03-12 16:11 . 2008-08-12 20:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-12 16:11 . 2008-08-12 20:50 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-12 16:09 . 2008-08-12 20:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-06 06:54 . 2009-12-12 07:50 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\vlc

2010-03-05 04:47 . 2009-12-12 07:51 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\dvdcss

2010-02-02 10:33 . 2006-04-29 16:16 -------- d-----w- c:\program files\Java

2010-01-09 07:04 . 2010-01-09 07:03 10417688 ----a-w- C:\VeohWebPlayerSetup_eng.exe

2010-01-06 21:01 . 2010-01-06 21:01 6667584 ----a-w- c:\program files\DivXWebPlayerInstaller.exe

2009-12-31 16:50 . 2006-04-29 16:02 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2007-10-10 22:13 . 2007-07-05 23:38 88 --sh--r- c:\windows\system32\C517B5A39F.sys

2007-10-10 22:13 . 2007-07-05 23:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-29 98304]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-12 16:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2006-05-03 10:12 98304 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-15 01:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-04-29 16:21 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-04-29 16:20 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/08/2008 1:50 PM 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/08/2008 1:50 PM 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/03/2010 9:11 AM 308064]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [27/03/2010 10:28 PM 311568]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.moria.co.nz/

FF - ProfilePath - c:\documents and settings\Everyone Else\Application Data\Mozilla\Firefox\Profiles\se7t3lqv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

MSConfigStartUp-MMTray - c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-29 00:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2512)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\windows\system32\brss01a.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\Brmfrmps.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\program files\IObit\IObit Security 360\is360.exe

.

**************************************************************************

.

Completion time: 2010-03-29 00:46:24 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-29 07:46

Pre-Run: 106,429,812,736 bytes free

Post-Run: 107,210,862,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BFBF49CCFA2A6C735BDF1EB52CC3A58E


Step 1:

Please uninstall the following applications:

Adobe Reader 7.1.0

McAfee QuickClean 6.1

McAfee Uninstaller

After we finish our work, please download and install the latest version of Adobe Reader from:

http://www.adobe.com

As for the McAfee products, I suggest you uninstall them, because you don't need them anymore.

Step 2:

Please go into the Control Panel, Add/Remove, and for now remove ALL versions of JAVA.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.

Then look for the following Java folders and, if found, delete them:

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4:

I see leftovers from FreeFixer, so please manually delete the following folders:

c:\documents and settings\Everyone Else\Application Data\FreeFixer

c:\documents and settings\Everyone Else\Local Settings\Application Data\FreeFixer

c:\program files\FreeFixer

Step 5:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

* JavaRa log

* MalwareBytes' Anti-Malware log

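The post above asks you to remove every old JRE, run JavaRa, and then hunt for leftover Java folders by hand. The check below is an added example, not code from the original post, from JavaRa, or from Malwarebytes: a Windows PowerShell function that reports whatever Java remnants are still present so you can confirm the step actually worked before moving on. It assumes the XP-era folder layout quoted in the post (the `Application Data` paths resolve through `$env:ALLUSERSPROFILE` and `$env:APPDATA`), and that the Sun plug-in CLSIDs follow the `{CAFEEFAC-...}` pattern visible in the JavaRa log; the function and parameter names are my own.

```powershell
# Added example, not part of the original forum post or of JavaRa.
# Lists Java remnants that would keep an outdated, exploitable JRE reachable:
# registry version keys, browser plug-in CLSIDs, and the leftover folders
# named in the post. Run as an administrator on the affected machine.

function Get-LeftoverJava {
    param(
        # Assumed folder list: the same paths the post tells the user to delete,
        # expressed through environment variables so they resolve on XP or later.
        [string[]]$Folders = @(
            (Join-Path $env:ProgramFiles 'Java'),
            (Join-Path $env:CommonProgramFiles 'Java'),
            (Join-Path $env:SystemRoot 'Sun'),
            (Join-Path $env:ALLUSERSPROFILE 'Application Data\Java'),
            (Join-Path $env:ALLUSERSPROFILE 'Application Data\Sun\Java'),
            (Join-Path $env:APPDATA 'Java'),
            (Join-Path $env:APPDATA 'Sun\Java')
        )
    )

    $found = @()

    # Every installed JRE registers a version subkey here; an empty or absent
    # key is what you want to see after JavaRa has run.
    $jreKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    if (Test-Path -LiteralPath $jreKey) {
        foreach ($sub in Get-ChildItem -LiteralPath $jreKey -ErrorAction SilentlyContinue) {
            $found += [pscustomobject]@{
                Kind    = 'RegistryVersion'
                Item    = "$jreKey\$($sub.PSChildName)"
                Version = $sub.PSChildName
            }
        }
    }

    # Sun's browser plug-in CLSIDs share the CAFEEFAC prefix (assumption based
    # on the entries in the JavaRa log); a surviving one means a browser can
    # still instantiate an old plug-in.
    $clsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
    if (Test-Path -LiteralPath $clsidRoot) {
        Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^\{CAFEEFAC-' } |
            ForEach-Object {
                $found += [pscustomobject]@{
                    Kind    = 'PluginCLSID'
                    Item    = $_.PSChildName
                    Version = $null
                }
            }
    }

    # Leftover directories: JavaRa removes registry entries, but on-disk
    # binaries can remain and be re-registered or loaded directly.
    foreach ($dir in $Folders) {
        if (Test-Path -LiteralPath $dir) {
            $found += [pscustomobject]@{
                Kind    = 'Folder'
                Item    = $dir
                Version = $null
            }
        }
    }

    return $found
}

# Usage: print the remnants as a table; an empty result means the cleanup
# described in the post is complete. Remove-Item is deliberately not called
# here so you can review the list before deleting anything.
Get-LeftoverJava | Format-Table -AutoSize
```

If the table is empty you can move on to installing the current Java build (or leave it uninstalled if nothing you use needs it). If a `RegistryVersion` row shows up for a version you have already uninstalled, the uninstaller left the key behind and JavaRa's "Remove Older Versions" run should be repeated before deleting the folders by hand.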

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Mar 29 05:32:25 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.

Malwarebytes' Anti-Malware 1.44

Database version: 3926

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29/03/2010 6:10:15 AM

mbam-log-2010-03-29 (06-10-15).txt

Scan type: Quick Scan

Objects scanned: 146381

Time elapsed: 30 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Good news! :rolleyes:

Some final steps:

Step 1:

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /.

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2:

Please manually delete DDS, JavaRa and GMER.

Step 3:

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

Safe surfing! ;)

This topic is now closed to further replies.