
Google redirecting virus




Guest NVMNTTN

In short, my computer is infected with that type of virus. And here are the Malwarebytes/DDS logs (attached to this post are "ark.txt" and "attach.txt" from GMER and DDS respectively).

- CDSongs/Lacviet/TheSage are programs I use daily!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4201

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/15/2010 5:17:16 PM

mbam-log-2010-06-15 (17-17-16).txt

Scan type: Full scan (C:\|)

Objects scanned: 165911

Time elapsed: 48 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dell at 16:08:07.75 on Tue 06/15/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.133 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\UniKey\UniKey.exe

C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Dell\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [uniKey] c:\program files\unikey\UniKey.exe

uRun: [Google Update] "c:\documents and settings\dell\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\kaj2rhcr.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\dell\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-16 11608]

R1 bacc;bacc;c:\windows\system32\bacc.sys [2010-6-13 80896]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-12-18 9600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-16 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-16 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 60936]

R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\system32\drivers\WPC54GSv2.SYS [2006-12-1 610816]

S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]

=============== Created Last 30 ================

2010-06-15 20:06:42 0 ----a-w- c:\documents and settings\dell\defogger_reenable

2010-06-15 05:39:11 0 d-sha-r- C:\cmdcons

2010-06-15 05:29:48 77312 ----a-w- c:\windows\MBR.exe

2010-06-15 05:29:48 256512 ----a-w- c:\windows\PEV.exe

2010-06-15 05:29:48 161792 ----a-w- c:\windows\SWREG.exe

2010-06-15 05:29:47 98816 ----a-w- c:\windows\sed.exe

2010-06-15 05:18:42 0 d-----w- c:\docume~1\dell\applic~1\GetRightToGo

2010-06-13 04:56:43 80896 ----a-w- c:\windows\system32\bacc.sys

2010-06-08 20:34:35 0 d-----w- c:\program files\GraphCalc

==================== Find3M ====================

2010-05-06 22:57:47 1063320 ----a-w- c:\documents and settings\dell\gotomypc_533.exe

2010-05-06 22:51:35 7046096 ----a-w- c:\documents and settings\dell\gosetup.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2009-07-14 00:46:35 115377 ----a-w- c:\program files\VNI-Times.zip

2009-04-12 22:03:49 152743 --sha-w- c:\windows\system32\321321.dat

============= FINISH: 16:08:50.99 ===============


Okay thank you.

First off, we don't recommend running combofix without the guidance of an expert as misuse can cause serious system damage. With that said, let's use combofix to try and clear this up.

You first need to move combofix to the desktop as right now it's in your downloads folder:

c:\documents and settings\Dell\My Documents\Downloads\ComboFix.exe

You can simply copy and paste, or drag it from there to the desktop.

Next,

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Rootkit::
c:\windows\system32\bacc.sys

Driver::
bacc

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new DDS log. Just DDS.txt.

NOTE: Unless they are unusually large there's no need to attach the logs.

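For anyone reading this later: the helper picked bacc.sys out of the first DDS log by eye. Below is an added Python example (mine, not part of this thread and not a feature of DDS or ComboFix) that automates that reading. It parses the SERVICES / DRIVERS, Created Last 30 and Find3M sections and flags a driver that stacks up several oddities at once: a .sys sitting in the system32 root rather than system32\drivers, no descriptive display name, and a file creation date inside the last 30 days. The sample input is constructed from lines of the log above; the heuristics, the two-reason threshold and the function names are assumptions of the example. It also lists files carrying system+hidden attributes under system32, which is a prompt to look, not a verdict.

```python
"""Flag out-of-place kernel drivers in a DDS log (added triage example)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the DDS log posted above, trimmed
# to the three sections the triage looks at.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-16 11608]
R1 bacc;bacc;c:\windows\system32\bacc.sys [2010-6-13 80896]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-12-18 9600]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-16 267432]
R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\system32\drivers\WPC54GSv2.SYS [2006-12-1 610816]
S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
=============== Created Last 30 ================
2010-06-15 05:39:11 0 d-sha-r- C:\cmdcons
2010-06-15 05:29:48 77312 ----a-w- c:\windows\MBR.exe
2010-06-13 04:56:43 80896 ----a-w- c:\windows\system32\bacc.sys
2010-06-08 20:34:35 0 d-----w- c:\program files\GraphCalc
==================== Find3M ====================
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-04-12 22:03:49 152743 --sha-w- c:\windows\system32\321321.dat
"""

SYSTEM32 = r"c:\windows\system32"

# "R1 bacc;bacc;c:\windows\system32\bacc.sys [2010-6-13 80896]"
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "2010-06-13 04:56:43 80896 ----a-w- c:\windows\system32\bacc.sys"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")


@dataclass
class Finding:
    path: str
    kind: str                     # driver start type (R1, S3 ...) or "file"
    reasons: list = field(default_factory=list)


def parse_sections(text):
    """Split a DDS log into {section title (lowercase): [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):          # "===== SERVICES / DRIVERS ====="
            current = line.strip("= ").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _split_path(path):
    directory, _, filename = path.rpartition("\\")
    return directory, filename


def triage(text, min_reasons=2):
    """Return Findings for drivers with at least min_reasons oddities, plus
    system+hidden files under system32. The heuristics are this example's own."""
    sections = parse_sections(text)

    # Index every file DDS listed as created in the last 30 days or touched in 3 months.
    files = {}
    for sec in ("created last 30", "find3m"):
        for line in sections.get(sec, []):
            m = FILE_RE.match(line)
            if m:
                files[m["path"].lower()] = (sec, m["date"], m["attrs"])

    findings = []
    for line in sections.get("services / drivers", []):
        m = DRIVER_RE.match(line)
        if not m:
            continue
        # Drop the "[date size]" tail and any "--> resolved path" arrow.
        path = m["rest"].split(" [")[0].split(" --> ")[0].strip().lower()
        directory, filename = _split_path(path)
        reasons = []
        if filename.endswith(".sys") and directory == SYSTEM32:
            reasons.append("driver file in system32 root rather than system32\\drivers")
        if m["name"].strip().lower() == m["display"].strip().lower():
            reasons.append("no descriptive display name (service name reused)")
        entry = files.get(path)
        if entry and entry[0] == "created last 30":
            reasons.append("file created within the last 30 days (%s)" % entry[1])
        if len(reasons) >= min_reasons:
            findings.append(Finding(path, m["start"], reasons))

    # Separately: files carrying both the system and hidden attributes in system32.
    for path, (sec, date, attrs) in files.items():
        directory, _ = _split_path(path)
        if directory == SYSTEM32 and "s" in attrs and "h" in attrs:
            findings.append(Finding(path, "file",
                            ["system+hidden attributes %s, dated %s (%s)" % (attrs, date, sec)]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print("[%s] %s" % (f.kind, f.path))
        for r in f.reasons:
            print("    -", r)
```

On the sample it reports bacc.sys with all three reasons, which is the driver the CFScript above removes with the Rootkit:: and Driver:: directives, and 321321.dat as a hidden system file to inspect. A hit from a script like this is a lead, not proof: check the file's signature and a hash lookup before writing it into a CFScript, since a wrong Driver:: entry can take out a legitimate boot-start driver.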

Guest NVMNTTN

ComboFix 10-06-15.04 - Dell 06/16/2010 13:12:01.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.154 [GMT -4:00]

Running from: c:\documents and settings\Dell\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BACC

-------\Service_bacc

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))

.

2010-06-15 20:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-15 20:11 . 2010-06-15 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-15 20:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-15 05:18 . 2010-06-15 05:20 -------- d-----w- c:\documents and settings\Dell\Application Data\GetRightToGo

2010-06-08 20:34 . 2010-06-08 20:47 -------- d-----w- c:\program files\GraphCalc

2010-06-06 22:33 . 2010-06-06 22:33 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-19b8b03c-n\msvcp71.dll

2010-06-06 22:33 . 2010-06-06 22:33 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bdeed3b-n\decora-sse.dll

2010-06-06 22:33 . 2010-06-06 22:33 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-19b8b03c-n\jmc.dll

2010-06-06 22:33 . 2010-06-06 22:33 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-19b8b03c-n\msvcr71.dll

2010-06-06 22:33 . 2010-06-06 22:33 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bdeed3b-n\decora-d3d.dll

2010-05-23 21:45 . 2010-05-23 21:45 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-723ccc3c-n\msvcp71.dll

2010-05-23 21:45 . 2010-05-23 21:45 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-723ccc3c-n\jmc.dll

2010-05-23 21:45 . 2010-05-23 21:45 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-723ccc3c-n\msvcr71.dll

2010-05-23 21:45 . 2010-05-23 21:45 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f02ef7b-n\decora-sse.dll

2010-05-23 21:45 . 2010-05-23 21:45 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f02ef7b-n\decora-d3d.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-15 18:07 . 2009-12-29 22:16 -------- d-----w- c:\documents and settings\Dell\Application Data\MTD

2010-06-15 11:12 . 2008-12-11 00:27 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-14 22:34 . 2009-12-23 18:40 -------- d-----w- c:\program files\TheSage

2010-06-13 23:53 . 2009-12-29 22:11 -------- d-----w- c:\program files\mtd9

2010-06-13 03:24 . 2010-02-06 06:18 -------- d-----w- c:\documents and settings\Dell\Application Data\Skype

2010-06-13 03:02 . 2008-12-22 13:59 -------- d-----w- c:\documents and settings\Dell\Application Data\skypePM

2010-06-11 17:02 . 2010-01-07 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-07 17:39 . 2010-01-25 05:18 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-19 15:03 . 2010-03-18 16:46 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype

2010-05-19 15:02 . 2010-04-24 04:40 -------- d-----w- c:\documents and settings\Guest\Application Data\skypePM

2010-05-06 22:57 . 2010-05-06 22:57 1063320 ----a-w- c:\documents and settings\Dell\gotomypc_533.exe

2010-05-06 22:52 . 2010-05-06 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CitrixLogs

2010-05-06 22:51 . 2010-05-06 22:50 7046096 ----a-w- c:\documents and settings\Dell\gosetup.exe

2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09 . 2009-06-19 10:30 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-04-15 22:46 . 2008-08-19 19:28 73848 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-12 21:29 . 2010-04-15 22:01 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-31 05:45 . 2010-03-31 05:45 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-665d276c-n\msvcp71.dll

2010-03-31 05:45 . 2010-03-31 05:45 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-665d276c-n\jmc.dll

2010-03-31 05:45 . 2010-03-31 05:45 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-665d276c-n\msvcr71.dll

2010-03-31 05:45 . 2010-03-31 05:45 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-715c778d-n\decora-d3d.dll

2010-03-31 05:45 . 2010-03-31 05:45 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-715c778d-n\decora-sse.dll

2010-03-30 16:57 . 2010-03-30 16:57 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-460e3d12-n\msvcp71.dll

2010-03-30 16:57 . 2010-03-30 16:57 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-460e3d12-n\jmc.dll

2010-03-30 16:57 . 2010-03-30 16:57 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-460e3d12-n\msvcr71.dll

2010-03-30 16:57 . 2010-03-30 16:57 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56761c0c-n\decora-d3d.dll

2010-03-30 16:57 . 2010-03-30 16:57 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56761c0c-n\decora-sse.dll

2009-07-14 00:46 . 2009-07-14 00:46 115377 ----a-w- c:\program files\VNI-Times.zip

2009-04-12 22:03 . 2009-04-06 00:11 152743 --sha-w- c:\windows\system32\321321.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UniKey"="c:\program files\UniKey\UniKey.exe" [2005-08-16 180224]

"Google Update"="c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKLM\~\startupfolder\C:^Documents and Settings^Dell^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\Dell\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-02-17 07:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-04-06 06:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wfrmsrv]

2003-09-30 21:09 329728 ----a-w- c:\windows\Wfrmsrv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"4068:UDP"= 4068:UDP:Windows Media Format SDK (chrome.exe)

"4069:UDP"= 4069:UDP:Windows Media Format SDK (chrome.exe)

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [12/18/2009 1:25 PM 9600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/16/2010 6:52 PM 135336]

R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\system32\drivers\WPC54GSv2.SYS [12/1/2006 12:54 AM 610816]

S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-1957994488-1004Core.job

- c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-27 02:27]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-746137067-1957994488-1004UA.job

- c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-27 02:27]

.

.

------- Supplementary Scan -------

.

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\kaj2rhcr.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-16 13:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2316)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

.

**************************************************************************

.

Completion time: 2010-06-16 13:32:39 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-16 17:32

Pre-Run: 44,627,615,744 bytes free

Post-Run: 44,569,161,728 bytes free

- - End Of File - - 98E62D333F68EBCC59ED6495931A4283

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dell at 13:45:26.70 on Wed 06/16/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.139 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\UniKey\UniKey.exe

C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dell\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [uniKey] c:\program files\unikey\UniKey.exe

uRun: [Google Update] "c:\documents and settings\dell\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\kaj2rhcr.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\dell\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-16 11608]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-12-18 9600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-16 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-16 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 60936]

R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\system32\drivers\WPC54GSv2.SYS [2006-12-1 610816]

S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]

=============== Created Last 30 ================

2010-06-15 20:11:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-15 20:11:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-15 20:11:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-15 20:06:42 0 ----a-w- c:\documents and settings\dell\defogger_reenable

2010-06-15 05:39:11 0 d-sha-r- C:\cmdcons

2010-06-15 05:29:48 77312 ----a-w- c:\windows\MBR.exe

2010-06-15 05:29:48 256512 ----a-w- c:\windows\PEV.exe

2010-06-15 05:29:48 161792 ----a-w- c:\windows\SWREG.exe

2010-06-15 05:29:47 98816 ----a-w- c:\windows\sed.exe

2010-06-15 05:18:42 0 d-----w- c:\docume~1\dell\applic~1\GetRightToGo

2010-06-08 20:34:35 0 d-----w- c:\program files\GraphCalc

==================== Find3M ====================

2010-05-06 22:57:47 1063320 ----a-w- c:\documents and settings\dell\gotomypc_533.exe

2010-05-06 22:51:35 7046096 ----a-w- c:\documents and settings\dell\gosetup.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2009-07-14 00:46:35 115377 ----a-w- c:\program files\VNI-Times.zip

2009-04-12 22:03:49 152743 --sha-w- c:\windows\system32\321321.dat

============= FINISH: 13:45:59.60 ===============


Guest NVMNTTN

Yup, I did use Malwarebytes. No infections at all!

It's running fine just now; I don't know, I'll be getting around with the computer for the next 2 or 3 days to see. Hopefully it'll be gone! Thanks in advance! ;)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4201

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

6/16/2010 11:08:50 PM

mbam-log-2010-06-16 (23-08-50).txt

Scan type: Full scan (C:\|)

Objects scanned: 166139

Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Great, glad it seems to be okay.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

************************

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Guest NVMNTTN

My computer works great now. Thanks for your willingness and assistance! :P

Here you go, the log from Kaspersky.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, June 18, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, June 18, 2010 01:43:32

Records in database: 4291378

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Objects scanned: 46697

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 08:09:37

No threats found. Scanned area is clean.

Selected area has been scanned.


I can't edit your post, but don't worry about the font size, no big deal. Didn't need to put my glasses on to read it anyway... :P

Did you have a chance to run the security check I had asked for in my last post? Please post that.

Uninstall Combofix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

The above procedure will:

  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

