djc

  1. All seems well: hibernation is still functional, and Google search results are no longer redirecting to random sites.
  2. Hello Borislav - New combofix log is below. Note that when I dragged the .txt file onto the combofix icon to launch the program, it first asked me if I wanted to update to the newest version of combofix. I said "yes".

     ComboFix 10-08-07.02 - NP 08/08/2010 10:08:50.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.955 [GMT -4:00]
  3. The hibernation feature of the computer is now working again, and clicking Google search results seems to be back to normal also. But after rebooting the computer again, Windows Firewall remains off. (Should I turn it back on?)
  4. While running combo-fix, I got a message that my firewall is not turned on. It was enabled prior to running combo-fix. Since rebooting the computer, I'm still getting the message (no firewall - "computer may be at risk").
  5. Here is the combo-fix.txt report:

     ComboFix 10-08-06.01 - NP 06/08/2010 21:53:34.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1329 [GMT -4:00]
  6. Hello - My computer is getting a clean bill of health from MBAM, F-PROT and AVG following a malware infection, but I'm still experiencing these problems:
     1) My system will no longer hibernate. I briefly get the Windows "Preparing to hibernate" dialog, but then it closes and I'm returned to whatever I was doing. Hibernation worked fine prior to the infection.
     2) Clicking Google search results in Firefox (haven't tested IE) randomly redirects me to unrelated sites.
     3) Firefox randomly opens new tabs to unrequested sites (which are sometimes blocked as threats by AVG).
     ---
     Copy/Paste the contents of 'DDS.txt' to be posted as text to your post
     The other two logs ... * attach.txt * ark.txt ... should be zipped/archived before attaching to the post
     Attach.txt is zipped & attached to this post. However, I could not get the GMER Rootkit Scanner to complete successfully after 2 attempts. It runs for several hours, and when I return to the computer I see a series of pop-up error messages like this:
     The filename in the error messages varies. I'm not able to save the log file at that point, and the computer is hobbled (applications won't open, etc.) and must be rebooted.
     Attach.zip