Jump to content

Thank You


Recommended Posts

Last week I came home and found many blank windows open on my PC. The sound was disabled and the task manager was disabled. I managed to close all of the windows and I went to run Malwarebytes but the icon was missing off of my desktop. I downloaded Malwarebytes but I was unable to update it. I ran it anyway and it found 2 items and cleaned them. I then noticed that the shutdown button was missing from my profile and I could not shutdown or restart through the task manager. I need assistance. I ran the DeFogger but it did not ask to reboot so I pushed the power button for a hard reboot. When restarted I saw the defogger_disable file on my desktop. I did not know if I should continue with the other instructions or post the log so here is the defogger log.

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 08:53 on 15/08/2010 (Willie Rose)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Link to post
Share on other sites

Hello mrdrae! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Yes, please continue with the other instructions.

Link to post
Share on other sites

OK everything is done except GMER. It froze the first time. I am running it now but it seems to be taking forever. I'll send as soon as its finished.

Thanks

Hello mrdrae! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Yes, please continue with the other instructions.

Link to post
Share on other sites

GMER would not complete without freezing. I ran it in safe mode and included it in the zip file. There is not as much info as when it was runing in regular mode.

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Willie Rose at 6:08:46.06 on Wed 08/18/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2703 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe

C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

svchost.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE

C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k vvdsvc

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\Documents and Settings\Willie Rose\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"

mRun: [NswUiTray] c:\program files\norton systemworks basic edition\NswUiTray.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

StartupFolder: c:\docume~1\willie~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\youtub~1.lnk - c:\program files\casio\youtube uploader for casio\YStart.exe

uPolicies-explorer: NoChangeStartMenu = 1 (0x1)

uPolicies-explorer: NoClose = 1 (0x1)

uPolicies-explorer: NoLogOff = 1 (0x1)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willie~1\applic~1\mozilla\firefox\profiles\6tzudq62.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-7-4 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-7-4 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100719.001\BHDrvx86.sys [2010-7-19 692272]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-4 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-7-4 116784]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-7-4 126392]

R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~3\norton~1\NPROTECT.EXE [2008-9-25 95600]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100813.004\IDSXpx86.sys [2010-8-14 331640]

S?2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100816.016\NAVENG.SYS [2010-8-16 85424]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100816.016\NAVEX15.SYS [2010-8-16 1362608]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2009-8-17 127656]

=============== Created Last 30 ================

2010-08-15 13:52:08 0 ----a-w- c:\documents and settings\willie rose\defogger_reenable

2010-08-15 00:02:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-15 00:02:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-15 00:02:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-12 11:36:56 0 d--h--w- c:\windows\system32\GroupPolicy

2010-08-11 21:40:56 0 d-----w- c:\docume~1\willie~1\applic~1\Malwarebytes

2010-08-11 21:40:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-29 01:58:03 729161 ----a-w- c:\windows\system32\fpimage.dll

2010-07-29 01:58:03 1410704 ----a-w- c:\windows\system32\FPSPR70.ocx

2010-07-29 01:58:02 0 d-----w- c:\program files\Respondus LockDown Browser

==================== Find3M ====================

2010-07-04 19:26:27 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-04 19:26:27 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-04 19:26:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-04 19:26:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 6:11:11.68 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4430

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/14/2010 8:50:35 PM

mbam-log-2010-08-14 (20-50-35).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 236826

Time elapsed: 47 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attachandark.zip

Link to post
Share on other sites

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 9.3.3

You can read, how to do this here:

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Going over your logs I noticed that you have

Link to post
Share on other sites

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Aug 20 18:13:15 2010

Found and removed: C:\Documents and Settings\Willie Rose\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\Classes\JavaPlugin.160_20

------------------------------------

Finished reporting.

ComboFix 10-08-19.02 - Willie Rose 08/20/2010 18:37:30.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2513 [GMT -5:00]

Running from: c:\documents and settings\Willie Rose\Desktop\Combo-Fix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\popcaploader.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))

.

2010-08-15 00:36 . 2010-08-15 00:36 -------- d-----w- c:\documents and settings\Willie Rose Jr\Application Data\comcasttb

2010-08-15 00:02 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-15 00:02 . 2010-08-15 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-15 00:02 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 23:18 . 2010-08-14 23:18 -------- d-----w- c:\documents and settings\Willie Rose Jr\Application Data\Malwarebytes

2010-08-12 11:36 . 2010-08-12 11:36 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-08-11 21:40 . 2010-08-15 00:36 -------- d-----w- c:\documents and settings\Willie Rose\Application Data\Malwarebytes

2010-08-11 21:40 . 2010-08-15 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-29 01:58 . 2006-01-04 18:04 729161 ----a-w- c:\windows\system32\fpimage.dll

2010-07-29 01:58 . 2010-07-29 01:58 -------- d-----w- c:\program files\Respondus LockDown Browser

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-20 23:23 . 2009-08-19 23:22 -------- d-----w- c:\documents and settings\Willie Rose\Application Data\uTorrent

2010-08-13 08:04 . 2009-08-17 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-09 23:07 . 2009-08-17 14:06 -------- d-----w- c:\program files\Norton SystemWorks Basic Edition

2010-07-31 20:11 . 2010-07-04 18:29 -------- d-----w- c:\documents and settings\Willie Rose\Application Data\CallingID

2010-07-29 01:58 . 2009-08-16 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-24 11:49 . 2010-06-05 11:49 664 ----a-w- c:\documents and settings\Willie Rose Jr\Local Settings\Application Data\d3d9caps.dat

2010-07-09 05:11 . 2010-06-24 01:11 664 ----a-w- c:\documents and settings\Ann Rose\Local Settings\Application Data\d3d9caps.dat

2010-07-05 16:26 . 2009-08-17 02:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-04 19:46 . 2009-08-16 23:42 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-04 19:46 . 2010-07-04 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-04 19:26 . 2009-08-17 02:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-04 19:26 . 2009-08-17 02:54 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-04 19:26 . 2009-08-17 02:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-07-04 19:26 . 2009-08-17 02:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-04 19:26 . 2009-08-17 02:54 -------- d-----w- c:\program files\Symantec

2010-07-04 19:26 . 2010-07-04 19:26 -------- d-----w- c:\program files\Norton Security Suite

2010-07-04 19:26 . 2010-07-04 19:26 -------- d-----w- c:\program files\Windows Sidebar

2010-07-04 19:26 . 2009-08-17 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-04 19:21 . 2010-07-04 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-07-04 19:21 . 2009-08-17 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-04 19:19 . 2010-07-04 18:28 -------- d-----w- c:\documents and settings\Willie Rose\Application Data\comcasttb

2010-07-04 18:29 . 2010-07-04 18:28 -------- d-----w- c:\program files\comcasttb

2010-07-04 18:29 . 2010-07-04 18:29 -------- d-----w- c:\program files\Common Files\scanner

2010-07-04 18:29 . 2010-07-04 18:29 -------- d-----w- c:\program files\CA

2010-07-04 18:27 . 2010-07-04 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft

2010-07-04 18:27 . 2010-07-04 18:01 -------- d-----w- c:\program files\Common Files\SupportSoft

2010-07-04 18:27 . 2010-07-04 18:27 -------- d-----w- c:\program files\Comcast

2010-07-04 18:01 . 2010-07-04 18:01 -------- d-----w- c:\program files\support.com

2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2009-08-16 21:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-08 11:33 . 2009-08-27 13:42 256 ----a-w- c:\windows\system32\pool.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-06 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 184352]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2008-09-25 160112]

"NswUiTray"="c:\program files\Norton SystemWorks Basic Edition\NswUiTray.exe" [2008-09-25 85360]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

c:\documents and settings\Ann Rose\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Willie Rose Jr\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Willie Rose\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2008-12-9 79808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeStartMenu"= 1 (0x1)

"NoLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-08-16 23:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [7/4/2010 4:28 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [7/4/2010 4:28 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/9/2010 8:11 PM 692272]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [7/4/2010 4:28 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [7/4/2010 4:28 PM 116784]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [7/4/2010 4:28 PM 126392]

R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~3\NORTON~1\NPROTECT.EXE [9/25/2008 2:53 PM 95600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/19/2010 5:53 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100818.002\IDSXpx86.sys [8/20/2010 6:13 PM 331640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 9:27 AM 135664]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [8/17/2009 12:21 AM 127656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:27]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:27]

2010-08-09 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2008-09-25 19:52]

2010-08-20 c:\windows\Tasks\User_Feed_Synchronization-{4424D975-1D95-418D-B9C1-31C3E992191E}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Willie Rose\Application Data\Mozilla\Firefox\Profiles\6tzudq62.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

AddRemove-Qedoc Quiz Player- Jumanji - c:\windows\system32\javaws.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-20 18:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(812)

c:\windows\system32\nvappfilter.dll

.

Completion time: 2010-08-20 18:44:02

ComboFix-quarantined-files.txt 2010-08-20 23:43

Pre-Run: 452,407,177,216 bytes free

Post-Run: 452,480,344,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C11991DEB8E26645C8BDB1A1F6DD6A21

Link to post
Share on other sites

  1. Download FixPolicies.exe (by Bill Castner) and save it to your desktop.
  2. Double click on FixPolicies.exe to run it.
  3. Click on Install. It will create a folder named FixPolicies on your desktop.
  4. Open the FixPolicies folder.
  5. Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.

Let me know how are things now.

Link to post
Share on other sites

Things seem to back to normal. I had to restore my bookmarks in Firefox from a backup made 8/11. That seems to be the only issue. I am curious as to what type of malware hit me and if any information stored on my computer was compromised. Do you have any idea?

Link to post
Share on other sites

Yes, you can. ;)

Last steps:

Step 1

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step 2

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 3

Please manually delete Defogger, FixPolicies, JavaRa, DDS and GMER.

Step 4

Please download and install the latest version of Adobe Reader from:

www.adobe.com

About Java:

www.java.com/en

Step 5

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.