
epoclick.com and google.adsense redirects


dogonit23

I have gone through most malware, spyware, adware, registry fix, etc, etc and nothing is clearing my computer. I have been getting redirected to various websites, usually to advertising or gossip, yellow pages, Locos and especially when I do searches on Google. Now I am getting hit with this epoclick.com redirect that opens a new window and stalls my computer for an extended period of time while it tries to load.

I went through the process explained for Windows XP users and ended with my Combofix report.

Here is the results log from Combofix:

ComboFix 10-11-09.01 - rkoblasa 11/09/2010 21:42:03.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1246 [GMT -8:00]

Running from: c:\documents and settings\rkoblasa\Desktop\Software Downloads\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))

.

2010-11-09 20:40 . 2010-10-27 06:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2010-11-09 20:40 . 2010-10-27 06:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2010-11-06 01:36 . 2010-11-06 01:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo

2010-11-06 01:36 . 2010-07-06 22:16 94384 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-11-06 01:36 . 2010-07-06 22:16 2319536 ----a-w- c:\windows\system32\Incinerator.dll

2010-11-06 01:36 . 2010-02-03 17:21 12288 ----a-w- c:\windows\system32\smrgdf.exe

2010-11-06 01:36 . 2010-02-03 17:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-11-06 01:36 . 2010-11-06 01:36 -------- d-----w- c:\program files\iolo

2010-11-06 01:33 . 2010-11-06 01:33 74703 ----a-w- c:\windows\system32\mfc45.dll

2010-11-06 01:33 . 2010-11-06 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

2010-11-06 01:33 . 2010-11-06 01:36 -------- d-----w- c:\documents and settings\rkoblasa\Application Data\iolo

2010-11-05 22:07 . 2010-11-05 22:07 -------- d-----w- C:\SPLICE

2010-11-05 21:40 . 2010-11-05 21:40 -------- d-----w- C:\WILD_GRASS

2010-11-05 09:14 . 2010-11-05 09:14 398744 ----a-r- c:\windows\system32\cpnprt2.cid

2010-11-05 09:14 . 2010-11-05 09:14 -------- d-----w- c:\windows\Cache

2010-11-05 09:14 . 2010-11-05 09:14 -------- d-----w- c:\program files\Coupons

2010-11-02 23:26 . 2010-11-02 23:26 -------- d-----w- C:\Toy Story 3

2010-11-02 23:16 . 2010-11-02 23:16 -------- d-----w- c:\program files\DVDFab 8

2010-11-02 22:41 . 2010-11-02 22:41 -------- d-----w- C:\NIGHTMARE_ON_ELM_STREET_2010

2010-10-30 03:55 . 2010-10-30 03:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

2010-10-17 17:58 . 2010-10-17 18:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2010-10-14 05:27 . 2010-10-14 05:27 -------- d-----w- c:\windows\system32\MpEngineStore

2010-10-14 02:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 02:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 02:47 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-12 01:32 . 2010-10-13 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-10-12 01:32 . 2010-10-12 01:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-10-12 00:34 . 2010-11-10 03:46 -------- d-----w- c:\program files\Crawler

2010-10-12 00:29 . 2010-11-09 21:01 -------- d-----w- c:\program files\WinClamAVShield

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-06 17:20 . 2010-08-21 18:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-30 17:44 . 2010-09-30 17:44 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-09-18 19:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 11:50 . 2010-05-21 17:44 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 09:29 . 2010-05-21 17:44 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-11-17 08:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-12 12:15 . 2010-08-19 14:22 15880 ----a-w- c:\windows\system32\lsdelete.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\rkoblasa\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\rkoblasa\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\rkoblasa\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-03 160328]

"SubVid"="c:\program files\MindMovies\Subliminal\SubVid.exe" [2008-09-16 139264]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-09-30 3037696]

"Google Update"="c:\documents and settings\rkoblasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-08 136176]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-11 16861184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-29 202256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-09-30 2183680]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe [2009-11-20 36864]

ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-11-20 991232]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CardMinder Viewer.lnk]

backup=c:\windows\pss\CardMinder Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^rkoblasa^Start Menu^Programs^Startup^Dropbox.lnk]

backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-10-15 05:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2003-09-29 20:17 175616 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-04-04 01:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

2003-09-20 19:23 45056 ----a-w- c:\program files\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]

2007-06-05 02:24 599600 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]

2010-08-19 22:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2009-12-21 07:27 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-05-20 03:38 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PfuSsSct.exe]

2003-12-22 18:06 110592 ----a-w- c:\program files\PFU\ScanSnap\PfuSsSct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

2007-07-23 22:46 2499880 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2009-04-17 03:54 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]

2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-08-29 08:36 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TwitterSubmitter]

2009-09-25 16:50 2031616 ----a-w- c:\program files\Twitter Traffic Robot\TwitterTrafficRobot.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\rkoblasa\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [12/20/2009 11:17 PM 16048]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/30/2010 9:44 AM 142592]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [12/20/2009 11:17 PM 162096]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/5/2010 5:36 PM 711352]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/5/2010 5:36 PM 711352]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2010 12:35 PM 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 4:15 AM 1375992]

--- Other Services/Drivers In Memory ---

*Deregistered* - Lavasoft Kernexplorer

.

Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 17:19]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 20:35]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 20:35]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-839522115-1003Core.job

- c:\documents and settings\rkoblasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-08 16:47]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-839522115-1003UA.job

- c:\documents and settings\rkoblasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-08 16:47]

2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1965331169-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-11-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1965331169-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-11-09 c:\windows\Tasks\User_Feed_Synchronization-{1316C4A1-C38E-4889-A5C4-FF0E341516D2}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.pch.com/?src=pch103604&edid=ZSQR8T-SP437-4ZT173-OFQ2AY-C1Z00-v1&email=dogonit23@cox.net

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uInternet Settings,ProxyOverride = <local>

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Crawler Search - tbr:iemenu

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

LSP: %SYSTEMROOT%\system32\nvLsp.dll

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\rkoblasa\Application Data\Mozilla\Firefox\Profiles\l7vxv3b9.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\program files\Crawler\firefox\components\xcomm.dll

FF - component: c:\program files\Crawler\firefox\components\xshared.dll

FF - component: c:\program files\Crawler\firefox\components\xsupport.dll

FF - component: c:\program files\Crawler\firefox\components\xwsg.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-09 21:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(792)

c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(3228)

c:\windows\system32\WININET.dll

c:\documents and settings\rkoblasa\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-11-09 21:50:25

ComboFix-quarantined-files.txt 2010-11-10 05:50

ComboFix2.txt 2010-11-10 04:56

Pre-Run: 276,543,520,768 bytes free

Post-Run: 276,522,348,544 bytes free

- - End Of File - - 190AFC9400F6276D5AA5AF94785AC58A

PLEASE HELP!!!!!

Thanks!


Hello dogonit23

Welcome to Malwarebytes.

=====================

Please reset your router to factory in order to remove this infection.

It is because the router is infected.

If you do not know how to do that then I can assist you or refer to this link > http://www.ehow.com/how_2110924_reset-back...t-settings.html

This will remove any wireless settings until it is set back up but it is the only way to remove it.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
