Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
12-28-2008, 10:08 AM   #1
Registered User
Join Date: Dec 2008
Posts: 9
OS: xp


FireFox trouble

I am having the same problem as this person:
http://www.techsupportforum.com/secu...edirected.html

When I am on Google searching for something, I click on the link I want to go to and it goes to a different page, different from my result.

If you need more than what I have given, please contact me through PM or by replying. Thanks!

DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 15:12:29.42 on Sat 12/27/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.317 [GMT -6:00]

AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Free Download Manager2\fdm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\EMCO Malware Destroyer\MalwareDestroyer.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
BHO: {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8170D7DC-BDD6-461e-88EB-F047257898C9} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager2\iefdm2.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hpq\iam\bin\ItIeAddIN.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
uRun: [LxrAutorun] c:\documents and settings\administrator\local settings\application data\lexar media\LxrAutorun.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [360desktop]
uRun: [Free Download Manager] "c:\program files\free download manager2\fdm.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [AdVantage Setup] c:\program files\daemon tools lite\AdVantageSetup.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Aluxohiyim] rundll32.exe "c:\windows\Xbisaluline.dll",e
mRun: [Hvibapow] rundll32.exe "c:\windows\uxabekey.dll",e
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager2\dlall.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager2\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager2\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager2\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
AppInit_DLLs: c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli AsWlnPkg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\vw3m12gv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\free download manager2\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: XUL Cache: {FE78DF3E-8DF9-4016-86C3-DD86778540D4} - c:\documents and settings\administrator\local settings\application data\{FE78DF3E-8DF9-4016-86C3-DD86778540D4}

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [2008-4-8 40960]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-27 111184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-10-25 35488]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-27 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-12-27 155160]
R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\drivers\LxrSII1d.sys [2008-10-27 72672]
R2 rma;Radia Management Agent;C:/Novadigm/ManagementAgent/nvdkit.exe [2005-9-19 1968446]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-12-27 254040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-12-27 352920]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-3-27 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\IFXTPM.SYS [2005-6-10 35968]
S2 Apache2.2;Apache2.2;"c:\documents and settings\administrator\desktop\xampp\apache\bin\apache.exe" -k runservice []
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\RKHit.sys [2008-9-16 28672]

=============== Created Last 30 ================

2008-12-27 15:02 <DIR> --d----- c:\program files\EMCO Malware Destroyer
2008-12-27 13:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-26 21:04 <DIR> --d----- c:\program files\Matrix_ks
2008-12-26 21:04 1,917,952 a------- c:\windows\MATRIX_KS.SCR
2008-12-26 20:50 729,686 a------- c:\windows\system32\Alpha Galaxy 1280.scr
2008-12-26 20:50 <DIR> --d----- c:\program files\adni18
2008-12-26 11:21 39 a------- c:\windows\system32\SpywareCease.lie
2008-12-26 10:56 22,528 a------- c:\windows\system32\wsock32.dlb
2008-12-26 10:56 205,560 a------- c:\windows\UNBOC.EXE
2008-12-26 10:56 212,728 a------- c:\windows\CMDLIC.DLL
2008-12-23 08:08 <DIR> --d----- c:\program files\WebSite X5 Evolution
2008-12-22 11:19 29,696 a------- c:\windows\system32\VB5STKIT.DLL
2008-12-22 11:19 6,114 a------- c:\windows\system32\SHELLLNK.TLB
2008-12-22 11:19 185,344 a------- c:\windows\system32\iwpsetup.exe
2008-12-22 08:32 <DIR> --d----- c:\program files\Malware Defender
2008-12-22 07:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2008-12-22 07:32 <DIR> --d----- c:\program files\Pando Networks
2008-12-21 17:40 1,435,272 a------- c:\windows\system32\Flash.ocx
2008-12-21 17:40 131,856 a------- c:\windows\system32\MSADODC.ocx
2008-12-21 17:40 11,012 a------- c:\windows\system32\threadapi.tlb
2008-12-21 17:40 <DIR> --d----- c:\program files\MalwareRemover.com
2008-12-21 17:33 <DIR> --d----- c:\documents and settings\all users\Comodo
2008-12-21 16:58 12,309 a------- c:\windows\scunin.dat
2008-12-21 16:58 68,096 a------- c:\windows\ScUnin.exe
2008-12-21 16:58 967 a------- c:\windows\ScUnin.pif
2008-12-21 16:57 <DIR> --d----- c:\program files\Starcraft
2008-12-20 20:53 132,096 a------- c:\windows\uxabekey.dll
2008-12-20 20:41 41,984 a------- c:\windows\Xbisaluline.dll
2008-12-20 20:40 41,984 a------- c:\windows\system32\~.exe
2008-12-19 20:29 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-12-19 19:21 <DIR> --d----- c:\program files\Saga
2008-12-18 11:14 <DIR> --d----- c:\program files\NCH Swift Sound
2008-12-17 10:46 49,904 a----r-- c:\windows\system32\drivers\BVRPMPR5.SYS
2008-12-17 10:45 <DIR> --d----- C:\Netgear
2008-12-16 19:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\BitTorrent
2008-12-16 19:00 <DIR> --d----- c:\program files\BitTorrent
2008-12-14 17:40 <DIR> --d----- c:\program files\MyLanViewer
2008-12-14 17:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mikrotik
2008-12-14 10:34 <DIR> --d----- c:\program files\CBS Software
2008-12-13 15:36 <DIR> --d----- c:\windows\system32\CatRoot_bak
2008-12-13 15:15 25,792 a------- c:\windows\system32\drivers\pnarp.sys
2008-12-13 15:15 26,944 a------- c:\windows\system32\drivers\purendis.sys
2008-12-13 15:15 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2008-12-13 15:15 <DIR> --d----- c:\program files\Pure Networks
2008-12-13 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2008-12-13 15:03 <DIR> --d----- c:\program files\cFosSpeed
2008-12-13 12:57 <DIR> --d----- c:\program files\silkroad
2008-12-11 14:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-12-10 19:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\avidemux
2008-12-10 19:46 <DIR> --d----- c:\program files\Avidemux 2.4
2008-12-08 20:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\LimeWire
2008-12-08 17:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\Free Download Manager
2008-12-08 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2008-12-08 17:49 <DIR> --d----- c:\program files\Free Download Manager2
2008-12-06 18:02 <DIR> --d----- c:\program files\WarRock
2008-12-02 21:01 <DIR> --d----- c:\program files\Phantombility
2008-12-01 20:25 23 a------- c:\windows\DownloadStudio.INI
2008-12-01 19:15 33 a------- c:\windows\DownloadStudioScheduleMonitor.INI
2008-12-01 19:14 <DIR> --d----- c:\program files\WinPcap
2008-12-01 18:59 <DIR> --d----- c:\docume~1\admini~1\applic~1\GetGo Software
2008-12-01 18:59 <DIR> --d----- c:\program files\GetGo Software
2008-11-30 16:14 291 a------- c:\windows\msfsetup.ini
2008-11-30 16:14 <DIR> --d----- C:\MWASPI
2008-11-30 16:14 30,208 -------- c:\windows\system32\WNASPI32.DLL
2008-11-30 16:14 8,096 -------- c:\windows\system32\drivers\MASPINT.SYS
2008-11-30 16:14 4,030 -------- c:\windows\system\WINASPI.DLL
2008-11-30 16:14 2,486 -------- c:\windows\system\AS16POST.BIN
2008-11-30 16:13 <DIR> --d----- c:\program files\PIXELA
2008-11-30 16:11 81,924 -------- c:\windows\system32\drivers\VC4CB104.SYS
2008-11-30 16:11 <DIR> --d----- c:\program files\REGSHAVE
2008-11-30 16:11 65,536 -------- c:\windows\system32\FINFCHECK.dll
2008-11-30 16:11 45,056 -------- c:\windows\system32\FINFCOPY.dll
2008-11-30 16:11 69,632 a------- c:\windows\system32\Fregshex.dll
2008-11-30 16:11 45,056 a------- c:\windows\system32\FCLKBTN.dll
2008-11-27 20:44 <DIR> --d----- c:\program files\360desktop
2008-11-27 20:44 <DIR> --d----- c:\docume~1\admini~1\applic~1\360desktop
2008-11-27 20:44 426 a------- c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-11-27 20:43 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2008-12-19 20:39 31 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2008-11-06 18:31 215,616 a------- c:\windows\system32\drivers\truecrypt.sys
2008-11-01 13:22 8 a------- c:\docume~1\admini~1\applic~1\usb.dat
2008-10-22 18:00 61,440 a------- c:\windows\xspeech.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-06-11 15:05 30,601 a------- c:\documents and settings\administrator\x.exe
2004-07-22 10:51 3,432,656 a------- c:\program files\ManagedDX.CAB
2004-07-19 22:58 1,156,363 a------- c:\program files\BDANT.cab
2004-07-19 22:53 976,020 a------- c:\program files\BDAXP.cab
2004-07-09 14:17 13,265,040 a------- c:\program files\dxnt.cab
2004-07-09 09:13 15,493,481 a------- c:\program files\DirectX.cab
2004-07-09 09:13 703,080 a------- c:\program files\BDA.cab
2004-07-09 04:08 472,576 a------- c:\program files\dxsetup.exe
2004-07-09 04:08 2,242,560 a------- c:\program files\dsetup32.dll
2004-07-09 03:03 62,976 a------- c:\program files\DSETUP.dll
2008-08-20 14:02 61 ---sh--- c:\windows\cnerolf.dat

============= FINISH: 15:13:11.78 ===============
Attached Files
File Type: zip attach.zip (7.3 KB, 4 views)
traveler9559
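The DDS log above is what the helpers on this board actually read before deciding on ComboFix, and nothing in the thread spells out which lines draw the eye. As an added example (not part of this thread, and not code from DDS, ComboFix or TSF), here is a small Python triage script that parses a handful of lines copied from the log, embedded as a constructed sample, and flags the entries an analyst would look at first: rundll32 autoruns loading DLLs straight out of the %windir% root, AppInit_DLLs being set, BHOs with no backing file, a Firefox default search URL on a third-party host (worth correlating with the redirect complaint), a hidden Firefox extension, and files in the listing that carry hidden+system attributes, were dropped in the %windir% root, or have a non-alphabetic name. The regexes, section names and the trusted-search-host allowlist are my assumptions drawn from how this log is laid out, not a published DDS format, and every hit is a lead for review rather than a verdict: the AppInit_DLLs entry here, for instance, sits beside COMODO SafeSurf's cssurf.exe in the same process list and needs checking, not deleting.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str      # why the line was flagged (a lead for review, not a verdict)
    evidence: str  # the DDS line itself


# Constructed sample: lines copied from the DDS log in the post above, under the
# section banners DDS prints, so the script runs offline without a real log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - No File
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [Aluxohiyim] rundll32.exe "c:\windows\Xbisaluline.dll",e
mRun: [Hvibapow] rundll32.exe "c:\windows\uxabekey.dll",e
AppInit_DLLs: c:\windows\system32\cssdll32.dll
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - HiddenExtension: XUL Cache: {FE78DF3E-8DF9-4016-86C3-DD86778540D4} - c:\documents and settings\administrator\local settings\application data\{FE78DF3E-8DF9-4016-86C3-DD86778540D4}
=============== Created Last 30 ================
2008-12-20 20:53 132,096 a------- c:\windows\uxabekey.dll
2008-12-20 20:40 41,984 a------- c:\windows\system32\~.exe
2008-12-17 10:46 49,904 a----r-- c:\windows\system32\drivers\BVRPMPR5.SYS
==================== Find3M ====================
2008-08-20 14:02 61 ---sh--- c:\windows\cnerolf.dat
"""

# Line shapes are my reading of the log above, not a published DDS format.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(r"^[um]Run: \[[^\]]*\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.IGNORECASE)
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+(?P<attr>\S{8})\s+(?P<path>.+)$")
WINDIR_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)   # file directly under c:\windows
HOST_RE = re.compile(r"^(?:hxxp|http)s?://([^/]+)", re.IGNORECASE)      # DDS defangs http as hxxp
TRUSTED_SEARCH = ("google.com", "yahoo.com", "live.com", "msn.com")     # assumed allowlist
EXEC_EXTS = ("dll", "exe", "scr", "sys")


def _trusted_search_host(url: str) -> bool:
    """True when the search URL's host is one of the engines we expect to see."""
    m = HOST_RE.match(url.strip())
    if not m:
        return False
    host = m.group(1).lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH)


def triage_dds(text: str) -> List[Finding]:
    """Walk the log section by section and collect leads for an analyst to vet."""
    findings: List[Finding] = []
    section = ""
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).lower()
            continue

        if "hjt report" in section:
            if line.startswith(("BHO:", "TB:")) and line.endswith("No File"):
                findings.append(Finding("orphaned browser object (registered, file missing)", line))
            elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
                findings.append(Finding("AppInit_DLLs set (DLL loaded into every process using user32)", line))
            else:
                run = AUTORUN_RE.match(line)
                call = RUNDLL_RE.search(run.group("cmd")) if run else None
                if call and WINDIR_ROOT_RE.match(call.group("dll").strip()):
                    findings.append(Finding("rundll32 autorun loading a DLL from the %windir% root", line))

        elif section == "firefox":
            pref = FF_PREF_RE.match(line)
            if pref and pref.group("pref") == "browser.search.defaulturl" and not _trusted_search_host(pref.group("val")):
                findings.append(Finding("default search URL on a third-party host", line))
            elif line.startswith("FF - HiddenExtension:"):
                findings.append(Finding("Firefox extension hidden from the add-ons list", line))

        elif section in ("created last 30", "find3m"):
            entry = FILE_RE.match(line)
            if not entry:
                continue
            attr, path = entry.group("attr"), entry.group("path")
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            if "s" in attr and "h" in attr:
                findings.append(Finding("file with hidden+system attributes", line))
            if ext.lower() in ("dll", "exe") and WINDIR_ROOT_RE.match(path):
                findings.append(Finding("executable dropped directly in the %windir% root", line))
            if ext.lower() in EXEC_EXTS and stem and not any(c.isalpha() for c in stem):
                findings.append(Finding("executable with a non-alphabetic name", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}]\n    {f.evidence}")
```

Run it as-is and it prints nine leads from the sample; feed `triage_dds()` the full text of a DDS log to get the same list for a real case. The Adobe BHO, the CognizanceTS rundll32 entry (a DLL under Program Files) and the BVRPMPR5.SYS driver are in the sample as negative controls and are not flagged.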
12-30-2008, 09:21 PM   #2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.

Quote:
C: is FIXED (NTFS) - 68 GiB total, 5.388 GiB free.
I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist
01-01-2009, 02:43 PM   #3
Registered User
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

I can't get ComboFix to run; it keeps giving an error message:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I am logged in on the admin account and have done what it says in the guide to ComboFix; it still will not start.
traveler9559
01-01-2009, 04:05 PM   #4
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Please tell me exactly what you are doing when you get the message.

Did you save it to your desktop? Have you disabled all antivirus, antispyware, and firewall programs? What happens when you double-click ComboFix.exe?
chemist
01-02-2009, 06:12 PM   #5
Registered User
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

I disabled everything, and it says exactly what I wrote: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

It acts like it is loading, with that little loading screen, but then an error message pops up and says it can't find the specified device or path. And at the top, where the title of the program usually is, it says 32788R22FWJFW\nircmd.com
traveler9559
01-02-2009, 06:27 PM   #6
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello again, traveler9559. Please do the following:

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------

  • Download ResetTeaTimer and Save it to your Desktop.
  • Double-click ResetTeaTimer.zip
  • Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
  • A DOS window will open and close again, this is normal.
------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to accept or deny any changes, please Accept them all.

------------------------------------------------------

Delete ComboFix.exe from your desktop.

Please download Combo-Fix.exe and Save it to your Desktop.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

"%userprofile%\desktop\combo-fix.exe" /killall

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


------------------------------------------------------
chemist
01-04-2009, 11:38 AM   #7
Registered User
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

OK, here is the log. It kept saying that COMODO was enabled, but it wasn't, just to let you know.

ComboFix 09-01-02.01 - Administrator 2009-01-04 12:00:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.680 [GMT -6:00]
Running from: c:\documents and settings\Administrator\desktop\combo-fix.exe
Command switches used :: /killall
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://download.linksys.com
.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-02 19:09 . 2009-01-04 11:55 <DIR> d-------- C:\32788R22FWJFW.5.tmp
2009-01-01 15:40 . 2009-01-02 19:09 <DIR> d-------- C:\32788R22FWJFW.4.tmp
2009-01-01 15:39 . 2009-01-01 15:40 <DIR> d-------- C:\32788R22FWJFW.3.tmp
2009-01-01 15:39 . 2009-01-01 15:39 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-01-01 15:34 . 2009-01-01 15:39 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-01-01 15:33 . 2009-01-01 15:34 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2008-12-31 18:23 . 2008-09-14 18:40 23,352 --a------ c:\windows\system32\drivers\pnpcap.sys
2008-12-31 18:22 . 2008-12-31 18:22 <DIR> d-------- c:\program files\Common Files\Pure Networks Shared
2008-12-31 18:22 . 2008-09-14 18:36 25,272 --a------ c:\windows\system32\drivers\purendis.sys
2008-12-31 18:22 . 2008-09-14 18:36 23,992 --a------ c:\windows\system32\drivers\pnarp.sys
2008-12-29 14:32 . 2008-12-29 14:33 <DIR> d-------- c:\program files\LimeWire
2008-12-29 11:47 . 2009-01-04 12:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2008-12-29 11:09 . 2008-12-29 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-29 11:09 . 2008-12-29 11:09 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-29 11:09 . 2008-12-29 11:09 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-29 11:09 . 2008-12-29 11:09 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-29 11:04 . 2008-12-29 11:04 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2008-12-28 12:58 . 2008-12-28 12:59 134,656 --a------ c:\windows\efasayikovuviya.dll
2008-12-28 11:57 . 2008-12-30 14:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-28 11:57 . 2008-12-28 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-28 11:57 . 2008-12-28 11:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-27 15:19 . 2008-12-27 19:09 <DIR> d-------- c:\program files\Trojan Remover
2008-12-27 15:19 . 2008-12-27 15:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Simply Super Software
2008-12-27 15:19 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-27 15:19 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-27 15:19 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-27 15:19 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-27 15:19 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-27 15:14 . 2008-12-27 15:14 250 --a------ c:\windows\gmer.ini
2008-12-27 13:04 . 2008-12-27 13:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-26 21:04 . 2008-12-26 21:04 <DIR> d-------- c:\program files\Matrix_ks
2008-12-26 21:04 . 2003-05-19 23:19 1,917,952 --a------ c:\windows\MATRIX_KS.SCR
2008-12-26 20:50 . 2008-12-26 20:50 <DIR> d-------- c:\program files\adni18
2008-12-26 20:50 . 2008-12-26 20:50 729,686 --a------ c:\windows\system32\Alpha Galaxy 1280.scr
2008-12-26 11:21 . 2008-11-19 22:50 39 --a------ c:\windows\system32\SpywareCease.lie
2008-12-26 10:56 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-26 10:56 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-26 10:56 . 2006-02-28 06:00 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-23 08:08 . 2008-12-23 08:14 <DIR> d-------- c:\program files\WebSite X5 Evolution
2008-12-22 11:19 . 2007-08-23 15:05 185,344 --a------ c:\windows\system32\iwpsetup.exe
2008-12-22 11:19 . 1997-01-16 00:00 29,696 --a------ c:\windows\system32\VB5STKIT.DLL
2008-12-22 11:19 . 1997-01-16 13:42 6,114 --a------ c:\windows\system32\SHELLLNK.TLB
2008-12-22 08:32 . 2008-12-23 09:49 <DIR> d-------- c:\program files\Malware Defender
2008-12-22 07:34 . 2008-12-23 08:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2008-12-22 07:32 . 2008-12-22 07:32 <DIR> d-------- c:\program files\Pando Networks
2008-12-21 17:40 . 2008-12-21 17:40 <DIR> d-------- c:\program files\MalwareRemover.com
2008-12-21 17:40 . 2005-08-27 03:38 1,435,272 --a------ c:\windows\system32\Flash.ocx
2008-12-21 17:40 . 2004-03-09 00:00 131,856 --a------ c:\windows\system32\MSADODC.ocx
2008-12-21 17:40 . 1999-01-26 19:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2008-12-21 17:33 . 2008-12-21 17:33 <DIR> d-------- c:\documents and settings\All Users\Comodo
2008-12-21 16:57 . 2009-01-01 15:23 <DIR> d-------- c:\program files\Starcraft
2008-12-20 20:41 . 2008-12-20 20:41 41,984 --a------ c:\windows\Xbisaluline.dll
2008-12-20 20:40 . 2008-12-20 20:40 41,984 --a------ c:\windows\system32\b~.exe
2008-12-19 20:29 . 2008-12-19 20:29 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-19 19:21 . 2008-12-22 07:20 <DIR> d-------- c:\program files\Saga
2008-12-18 11:14 . 2008-12-18 11:14 <DIR> d-------- c:\program files\NCH Swift Sound
2008-12-18 11:14 . 2008-12-18 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-12-18 11:12 . 2008-12-21 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-12-17 17:22 . 2008-12-17 17:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-17 10:46 . 2008-04-03 13:36 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
2008-12-17 10:45 . 2008-12-17 10:48 <DIR> d-------- C:\Netgear
2008-12-16 19:00 . 2008-12-16 19:00 <DIR> d-------- c:\program files\BitTorrent
2008-12-16 19:00 . 2008-12-19 15:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent
2008-12-14 17:40 . 2008-12-14 17:40 <DIR> d-------- c:\program files\MyLanViewer
2008-12-14 17:13 . 2008-12-14 17:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mikrotik
2008-12-14 10:34 . 2008-12-14 10:34 <DIR> d-------- c:\program files\CBS Software
2008-12-13 15:36 . 2008-12-13 15:48 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-13 15:15 . 2008-12-31 18:23 <DIR> d-------- c:\program files\Pure Networks
2008-12-13 15:15 . 2008-12-13 15:15 <DIR> d-------- c:\program files\DIFX
2008-12-13 15:13 . 2008-12-31 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-13 15:03 . 2008-12-13 15:08 <DIR> d-------- c:\program files\cFosSpeed
2008-12-13 12:57 . 2008-12-13 12:58 <DIR> d-------- c:\program files\silkroad
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 19:47 . 2008-12-10 19:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\avidemux
2008-12-10 19:46 . 2008-12-10 19:55 <DIR> d-------- c:\program files\Avidemux 2.4
2008-12-08 20:47 . 2008-12-29 16:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire
2008-12-08 17:49 . 2008-12-08 17:49 <DIR> d-------- c:\program files\Free Download Manager2
2008-12-08 17:49 . 2008-12-08 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-12-08 17:49 . 2009-01-03 10:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Free Download Manager
2008-12-06 18:02 . 2008-12-17 17:24 <DIR> d-------- c:\program files\WarRock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 18:22 --------- d-----w c:\program files\DNA
2009-01-04 18:22 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2009-01-04 17:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Xfire
2009-01-04 17:35 --------- d-----w c:\program files\Steam
2009-01-01 21:23 --------- d-----w c:\documents and settings\Administrator\Application Data\FileZilla
2008-12-30 21:22 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVU
2008-12-29 17:09 --------- d-----w c:\program files\COMODO
2008-12-28 17:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-27 21:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 18:41 --------- d-----w c:\program files\Proxy Switcher Standard
2008-12-24 15:44 --------- d-----w c:\program files\Xfire
2008-12-23 16:19 --------- d-----w c:\documents and settings\Administrator\Application Data\.purple
2008-12-23 01:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-21 23:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Comodo
2008-12-21 23:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 23:10 --------- d-----w c:\program files\phpDesigner 2008
2008-12-20 20:59 --------- d-----w c:\program files\Trillian
2008-12-20 02:39 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-12-19 23:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 17:33 --------- d-----w c:\program files\Microsoft Games
2008-12-18 17:22 --------- d-----w c:\program files\Java
2008-12-18 16:59 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2008-12-18 16:52 --------- d-----w c:\program files\No-IP
2008-12-17 16:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2008-12-11 02:01 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
2008-12-08 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 03:01 --------- d-----w c:\program files\Phantombility
2008-12-02 02:46 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVUClient
2008-12-02 02:44 --------- d-----w c:\documents and settings\Administrator\Application Data\Move Networks
2008-12-02 01:15 --------- d-----w c:\program files\WinPcap
2008-12-02 00:59 --------- d-----w c:\program files\GetGo Software
2008-12-02 00:59 --------- d-----w c:\documents and settings\Administrator\Application Data\GetGo Software
2008-11-30 22:13 --------- d-----w c:\program files\PIXELA
2008-11-30 22:13 --------- d-----w c:\program files\FinePixViewer
2008-11-30 22:11 --------- d-----w c:\program files\REGSHAVE
2008-11-28 02:44 --------- d-----w c:\program files\360desktop
2008-11-28 02:44 --------- d-----w c:\documents and settings\Administrator\Application Data\360desktop
2008-11-24 00:31 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2008-11-15 02:41 --------- d-----w c:\program files\RJL Software, Inc
2008-11-12 02:07 --------- d-----w c:\program files\PTAutoRun
2008-11-07 00:38 --------- d-----w c:\documents and settings\Administrator\Application Data\TrueCrypt
2008-11-07 00:31 215,616 ----a-w c:\windows\system32\drivers\truecrypt.sys
2008-11-07 00:31 --------- d-----w c:\program files\TrueCrypt
2008-11-04 23:14 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 01:50 --------- d-----w c:\program files\Active Data Recovery Software
2008-11-01 19:22 8 ----a-w c:\documents and settings\Administrator\Application Data\usb.dat
2008-10-23 00:00 61,440 ----a-w c:\windows\xspeech.dll
2008-06-11 21:05 30,601 ----a-w c:\documents and settings\Administrator\x.exe
2004-07-22 16:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 04:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 04:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 20:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 15:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 15:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 10:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 10:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 09:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-08-20 20:02 61 --sh--w c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"LxrAutorun"="c:\documents and settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2007-03-07 24576]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
"Free Download Manager"="c:\program files\Free Download Manager2\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-17 278264]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Aluxohiyim"="c:\windows\Xbisaluline.dll" [2008-12-20 41984]
"Hvibapow"="c:\windows\efasayikovuviya.dll" [2008-12-28 134656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-29 1797880]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-03-27 184320]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-01-09 200704]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 12:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.iyuv"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.yvu9"= c:\program files\t@b\0.947\686\tabdec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.mpng"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.mjpg"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.mvjp"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.yv12"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.444p"= c:\program files\t@b\0.947\686\tabdec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Armagetron Advanced Dedicated\\armagetronad_dedicated.exe"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Firaxis Games\\Civilization III Complete\\Conquests\\Civ3Conquests.exe"=
"c:\\Program Files\\Cobian Backup 9\\Cobian.exe"=
"c:\\Program Files\\Cobian Backup 9\\cbInterface.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ATC Radar Screen v5\\ATC Radar Screen v50.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\MultiProxy\\mproxy.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Thinstall\\GrabPro - Toolbar\\4000005e00002i\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\PROJECT FOR MY ROOM\\halo.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\fshost\\FSHost32.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\fshostclient\\FSHostClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\SRO_New_Full-Client_Downloader.exe"=
"c:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"c:\\Program Files\\Free Download Manager2\\fdm.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\winbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64575:TCP"= 64575:TCP:*:Disabled:SolidNetworkManager
"64575:UDP"= 64575:UDP:*:Disabled:SolidNetworkManager
"5585:TCP"= 5585:TCP:5585
"8080:TCP"= 8080:TCP:8080
"86:TCP"= 86:TCP:BroadCam Web Server
"67:UDP"= 67:UDP:DHCP Discovery Service
"56875:TCP"= 56875:TCP:Pando Media Booster
"56875:UDP"= 56875:UDP:Pando Media Booster

R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [2008-04-08 40960]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-29 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-29 31504]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-10-25 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-03-27 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-06-10 35968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R4 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-10-27 72672]
R4 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2008-12-31 23352]
R4 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [2005-09-19 1968446]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2008-09-16 28672]
S4 Apache2.2;Apache2.2;"c:\documents and settings\Administrator\Desktop\xampp\apache\bin\apache.exe" -k runservice --> c:\documents and settings\Administrator\Desktop\xampp\apache\bin\apache.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1897051121-725345543-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 19:25]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-fsm - (no file)
HKCU-Run-360desktop - (no file)
HKLM-Run-AdVantage Setup - c:\program files\DAEMON Tools Lite\AdVantageSetup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager2\dlall.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager2\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager2\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager2\dllink.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk

O16 -: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} - hxxp://www.personalfirewall.comodo.com/scan/ComodoAVScanner.cab
c:\windows\Downloaded Program Files\ComodoAVScanner.osd

- c:\windows\Downloaded Program Files\ComodoAVScanner.inf
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw3m12gv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 12:23:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????W??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f5,12,28,fc,b4,ab,b7,e0,07,f3,2e,c1,d8,05,19,5c,3c,92,6e,3c,83,\
b9,c4,df,ab,66,02,40,1e,8f,f8,fe,fd,e0,8f,59,38,22,cf,ab,00,00,00,00,00,00,\
00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a198f70c-1994-429f-bc39-fb03695e0226}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010b
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,\
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
3f,ce,a2,4b,39,29,d8,6e,56,96,ef,f2,b6,76,c0,e7,86,05,46,8f,3c,f2,5c,68,ee,\
21,8c,c2,bc,f9,ea,af,0b,0d,1a,60,fd,e7,c1,34,ef,30,a6,f8,aa,81,66,db,ea,f7,\
63,45,22,6c,e5,8c,ee,b7,76,2a,41,45,50,7d,ba,db,ae,ee,c1,69,67,fa,56,94,e7,\
38,2e,98,d8,aa,db,af,5e,9d,bb,44,89,f4,77,8b,4c,c9,d4,be,aa,b0,65,1d,c8,89,\
6f,df,09,4b,37,14,0e,bc,74,f6,85,73,b0,3a,0e,4e,04,47,d2,d3,80,76,b9,f0,43,\
56,ff,e4,48,eb,25,4d,90,ab,1b,0c,d4,9f,d1,ab,80,50,12,ed,44,08,f5,44,8c,05,\
9b,4d,33,75,cb,f5,2e,74,78,3c,f7,95,2c,fd,f1,78,d9,1d,5a,42,49,8c,bf,1a,9d,\
fe,41,71,cb,3f,46,a4,7c,ab,3f,ce,e7,96,fd,08,04,4f,7c,02,f3,cb,e4,78,10,69,\
ec,58,b8,eb,e4,7b,2e,a8,de,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'lsass.exe'(1112)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\IFXSPMGT.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-04 12:26:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 18:25:38

Pre-Run: 13,111,730,176 bytes free
Post-Run: 13,180,559,360 bytes free

434 --- E O F --- 2008-12-08 0355
traveler9559 is offline  
Old 01-04-2009, 01:18 PM   #8 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello again, traveler9559.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

It appears you didn't install the Recovery Console. Please choose to do so.

------------------------------------------------------

I see you have P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you decide to uninstall BitTorrent, also delete these Folders if they still exist:

C:\Documents and Settings\Administrator\Application Data\BitTorrent
C:\Program Files\BitTorrent

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/328686-firefox-trouble.html#post1895084

Collect::
c:\windows\efasayikovuviya.dll
c:\windows\Xbisaluline.dll
c:\windows\system32\b~.exe
Save this Notepad file as CFScript.txt to your Desktop and then close the file.
Referring to the picture above, drag CFScript onto ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed.

With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open.

Simply follow the instructions to copy/paste/send the requested file.


Please let your helper know you successfully submitted the file.


------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
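The two posts above show the analyst's reasoning in compressed form: in traveler9559's log, two HKLM Run values (Aluxohiyim and Hvibapow) launch DLLs with random-looking names sitting directly in c:\windows, both created within days of the scan, and the Files Created section lists c:\windows\system32\b~.exe with the same size and minute as Xbisaluline.dll; chemist's reply turns those three paths into a CFScript Collect:: block. The script below is an added example, not ComboFix's code and not part of either post, that automates that triage over a constructed excerpt of the log (the excerpt is modelled on the entries above, not copied verbatim). The heuristics (Run targets that are DLLs or live in the Windows root, created inside a 30-day window before the scan, plus "twins" in the Files Created list that share size and creation date with a flagged file) and all function names are my own assumptions; the real fix still goes through CFScript and ComboFix as described.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from datetime import date, timedelta

# Constructed excerpt modelled on the log in this thread (not a verbatim copy).
SAMPLE_LOG = r"""
2008-12-28 12:58 . 2008-12-28 12:59 134,656 --a------ c:\windows\efasayikovuviya.dll
2008-12-20 20:41 . 2008-12-20 20:41 41,984 --a------ c:\windows\Xbisaluline.dll
2008-12-20 20:40 . 2008-12-20 20:40 41,984 --a------ c:\windows\system32\b~.exe
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-29 14:32 . 2008-12-29 14:33 <DIR> d-------- c:\program files\LimeWire
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"Aluxohiyim"="c:\windows\Xbisaluline.dll" [2008-12-20 41984]
"Hvibapow"="c:\windows\efasayikovuviya.dll" [2008-12-28 134656]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]
"""
SCAN_DATE = date(2009, 1, 4)  # completion date printed at the end of the log

# "name"="path" [yyyy-mm-dd size]  or  "name"="bare.exe" [yyyy-mm-dd resolved path]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<rest>[^\]]*)\]')
# created . modified size attrs path   (<DIR> lines fail the numeric size and are skipped)
FILE_RE = re.compile(r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
                     r'\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>.+?)\s*$')


def parse_run_entries(log):
    """Return Run-key values as dicts with name, resolved path, file date and size."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        rest = m['rest'].strip()
        path = m['path']
        # ComboFix prints the resolved path instead of a size for bare file names.
        if '\\' not in path and rest.lower().endswith(('.exe', '.dll')):
            path = rest
        entries.append({'name': m['name'], 'path': path,
                        'date': date.fromisoformat(m['date']),
                        'size': int(rest) if rest.isdigit() else None})
    return entries


def parse_created_files(log):
    """Return Files Created entries (files only) with path, creation date and size."""
    files = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append({'path': m['path'], 'date': date.fromisoformat(m['created']),
                          'size': int(m['size'].replace(',', ''))})
    return files


def in_windows_root(path):
    """True for files placed directly in c:\\windows rather than a subfolder."""
    p = path.lower()
    prefix = 'c:\\windows\\'
    return p.startswith(prefix) and '\\' not in p[len(prefix):]


def suspicious_run_entries(entries, scan_date, max_age_days=30):
    """Flag Run values that load a DLL or a Windows-root file created recently (assumed window)."""
    oldest = scan_date - timedelta(days=max_age_days)
    return [e for e in entries
            if (in_windows_root(e['path']) or e['path'].lower().endswith('.dll'))
            and e['date'] >= oldest]


def size_date_twins(files, flagged):
    """Files sharing size and creation date with a flagged file, as b~.exe does with Xbisaluline.dll."""
    keys = {(f['size'], f['date']) for f in flagged if f['size'] is not None}
    known = {f['path'].lower() for f in flagged}
    return [f for f in files if (f['size'], f['date']) in keys and f['path'].lower() not in known]


def build_cfscript(log, scan_date):
    """Emit a CFScript Collect:: block for every flagged path."""
    flagged = suspicious_run_entries(parse_run_entries(log), scan_date)
    twins = size_date_twins(parse_created_files(log), flagged)
    paths = [e['path'] for e in flagged] + [t['path'] for t in twins]
    return 'Collect::\n' + '\n'.join(paths) + '\n'


if __name__ == '__main__':
    print(build_cfscript(SAMPLE_LOG, SCAN_DATE))
```

Run it and the output is the same three paths chemist listed. The date window matters: AGRSMMSG.exe also lives in the Windows root, but its 2005 timestamp keeps it out of the list, and ctfmon.exe is untouched because it is a 2006 system32 executable. Treat the output as a candidate list for a human to review, never as something to feed to ComboFix blindly.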
Old 01-04-2009, 02:26 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

OK, no pop-up box came up, but the scan is completed. I don't know if the files were submitted, but here is the report:


ComboFix 09-01-02.01 - Administrator 2009-01-04 15:11:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.522 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\efasayikovuviya.dll
c:\windows\system32\b~.exe
c:\windows\Xbisaluline.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-02 19:09 . 2009-01-04 11:55 <DIR> d-------- C:\32788R22FWJFW.5.tmp
2009-01-01 15:40 . 2009-01-02 19:09 <DIR> d-------- C:\32788R22FWJFW.4.tmp
2009-01-01 15:39 . 2009-01-01 15:40 <DIR> d-------- C:\32788R22FWJFW.3.tmp
2009-01-01 15:39 . 2009-01-01 15:39 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-01-01 15:34 . 2009-01-01 15:39 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-01-01 15:33 . 2009-01-01 15:34 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2008-12-31 18:23 . 2008-09-14 18:40 23,352 --a------ c:\windows\system32\drivers\pnpcap.sys
2008-12-31 18:22 . 2008-12-31 18:22 <DIR> d-------- c:\program files\Common Files\Pure Networks Shared
2008-12-31 18:22 . 2008-09-14 18:36 25,272 --a------ c:\windows\system32\drivers\purendis.sys
2008-12-31 18:22 . 2008-09-14 18:36 23,992 --a------ c:\windows\system32\drivers\pnarp.sys
2008-12-29 14:32 . 2008-12-29 14:33 <DIR> d-------- c:\program files\LimeWire
2008-12-29 11:47 . 2009-01-04 12:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2008-12-29 11:09 . 2008-12-29 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-29 11:09 . 2008-12-29 11:09 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-29 11:09 . 2008-12-29 11:09 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-29 11:09 . 2008-12-29 11:09 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-29 11:04 . 2008-12-29 11:04 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2008-12-28 11:57 . 2008-12-30 14:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-28 11:57 . 2008-12-28 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-28 11:57 . 2008-12-28 11:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-27 15:19 . 2008-12-27 19:09 <DIR> d-------- c:\program files\Trojan Remover
2008-12-27 15:19 . 2008-12-27 15:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Simply Super Software
2008-12-27 15:19 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-27 15:19 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-27 15:19 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-27 15:19 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-27 15:19 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-27 15:14 . 2008-12-27 15:14 250 --a------ c:\windows\gmer.ini
2008-12-27 13:04 . 2008-12-27 13:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-26 21:04 . 2008-12-26 21:04 <DIR> d-------- c:\program files\Matrix_ks
2008-12-26 21:04 . 2003-05-19 23:19 1,917,952 --a------ c:\windows\MATRIX_KS.SCR
2008-12-26 20:50 . 2008-12-26 20:50 <DIR> d-------- c:\program files\adni18
2008-12-26 20:50 . 2008-12-26 20:50 729,686 --a------ c:\windows\system32\Alpha Galaxy 1280.scr
2008-12-26 11:21 . 2008-11-19 22:50 39 --a------ c:\windows\system32\SpywareCease.lie
2008-12-26 10:56 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-26 10:56 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-26 10:56 . 2006-02-28 06:00 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-12-23 08:08 . 2008-12-23 08:14 <DIR> d-------- c:\program files\WebSite X5 Evolution
2008-12-22 11:19 . 2007-08-23 15:05 185,344 --a------ c:\windows\system32\iwpsetup.exe
2008-12-22 11:19 . 1997-01-16 00:00 29,696 --a------ c:\windows\system32\VB5STKIT.DLL
2008-12-22 11:19 . 1997-01-16 13:42 6,114 --a------ c:\windows\system32\SHELLLNK.TLB
2008-12-22 08:32 . 2008-12-23 09:49 <DIR> d-------- c:\program files\Malware Defender
2008-12-22 07:34 . 2008-12-23 08:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2008-12-22 07:32 . 2008-12-22 07:32 <DIR> d-------- c:\program files\Pando Networks
2008-12-21 17:40 . 2008-12-21 17:40 <DIR> d-------- c:\program files\MalwareRemover.com
2008-12-21 17:40 . 2005-08-27 03:38 1,435,272 --a------ c:\windows\system32\Flash.ocx
2008-12-21 17:40 . 2004-03-09 00:00 131,856 --a------ c:\windows\system32\MSADODC.ocx
2008-12-21 17:40 . 1999-01-26 19:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2008-12-21 17:33 . 2008-12-21 17:33 <DIR> d-------- c:\documents and settings\All Users\Comodo
2008-12-21 16:57 . 2009-01-01 15:23 <DIR> d-------- c:\program files\Starcraft
2008-12-19 20:29 . 2008-12-19 20:29 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-19 19:21 . 2008-12-22 07:20 <DIR> d-------- c:\program files\Saga
2008-12-18 11:14 . 2008-12-18 11:14 <DIR> d-------- c:\program files\NCH Swift Sound
2008-12-18 11:14 . 2008-12-18 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-12-18 11:12 . 2008-12-21 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-12-17 17:22 . 2008-12-17 17:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-17 10:46 . 2008-04-03 13:36 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
2008-12-17 10:45 . 2008-12-17 10:48 <DIR> d-------- C:\Netgear
2008-12-16 19:00 . 2008-12-16 19:00 <DIR> d-------- c:\program files\BitTorrent
2008-12-16 19:00 . 2008-12-19 15:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent
2008-12-14 17:40 . 2008-12-14 17:40 <DIR> d-------- c:\program files\MyLanViewer
2008-12-14 17:13 . 2008-12-14 17:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mikrotik
2008-12-14 10:34 . 2008-12-14 10:34 <DIR> d-------- c:\program files\CBS Software
2008-12-13 15:36 . 2008-12-13 15:48 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-13 15:15 . 2008-12-31 18:23 <DIR> d-------- c:\program files\Pure Networks
2008-12-13 15:15 . 2008-12-13 15:15 <DIR> d-------- c:\program files\DIFX
2008-12-13 15:13 . 2008-12-31 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-13 15:03 . 2008-12-13 15:08 <DIR> d-------- c:\program files\cFosSpeed
2008-12-13 12:57 . 2008-12-13 12:58 <DIR> d-------- c:\program files\silkroad
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 19:47 . 2008-12-10 19:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\avidemux
2008-12-10 19:46 . 2008-12-10 19:55 <DIR> d-------- c:\program files\Avidemux 2.4
2008-12-08 20:47 . 2008-12-29 16:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire
2008-12-08 17:49 . 2008-12-08 17:49 <DIR> d-------- c:\program files\Free Download Manager2
2008-12-08 17:49 . 2008-12-08 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-12-08 17:49 . 2009-01-04 15:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Free Download Manager
2008-12-06 18:02 . 2008-12-17 17:24 <DIR> d-------- c:\program files\WarRock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 21:17 --------- d-----w c:\program files\DNA
2009-01-04 21:17 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2009-01-04 21:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Xfire
2009-01-04 18:41 --------- d-----w c:\program files\Steam
2009-01-01 21:23 --------- d-----w c:\documents and settings\Administrator\Application Data\FileZilla
2008-12-30 21:22 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVU
2008-12-29 17:09 --------- d-----w c:\program files\COMODO
2008-12-28 17:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-27 21:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 18:41 --------- d-----w c:\program files\Proxy Switcher Standard
2008-12-24 15:44 --------- d-----w c:\program files\Xfire
2008-12-23 16:19 --------- d-----w c:\documents and settings\Administrator\Application Data\.purple
2008-12-23 01:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-21 23:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Comodo
2008-12-21 23:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 23:10 --------- d-----w c:\program files\phpDesigner 2008
2008-12-20 20:59 --------- d-----w c:\program files\Trillian
2008-12-20 02:39 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-12-19 23:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 17:33 --------- d-----w c:\program files\Microsoft Games
2008-12-18 17:22 --------- d-----w c:\program files\Java
2008-12-18 16:59 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2008-12-18 16:52 --------- d-----w c:\program files\No-IP
2008-12-17 16:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2008-12-11 02:01 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
2008-12-08 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 03:01 --------- d-----w c:\program files\Phantombility
2008-12-02 02:46 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVUClient
2008-12-02 02:44 --------- d-----w c:\documents and settings\Administrator\Application Data\Move Networks
2008-12-02 01:15 --------- d-----w c:\program files\WinPcap
2008-12-02 00:59 --------- d-----w c:\program files\GetGo Software
2008-12-02 00:59 --------- d-----w c:\documents and settings\Administrator\Application Data\GetGo Software
2008-11-30 22:13 --------- d-----w c:\program files\PIXELA
2008-11-30 22:13 --------- d-----w c:\program files\FinePixViewer
2008-11-30 22:11 --------- d-----w c:\program files\REGSHAVE
2008-11-28 02:44 --------- d-----w c:\program files\360desktop
2008-11-28 02:44 --------- d-----w c:\documents and settings\Administrator\Application Data\360desktop
2008-11-24 00:31 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2008-11-15 02:41 --------- d-----w c:\program files\RJL Software, Inc
2008-11-12 02:07 --------- d-----w c:\program files\PTAutoRun
2008-11-07 00:38 --------- d-----w c:\documents and settings\Administrator\Application Data\TrueCrypt
2008-11-07 00:31 215,616 ----a-w c:\windows\system32\drivers\truecrypt.sys
2008-11-07 00:31 --------- d-----w c:\program files\TrueCrypt
2008-11-04 23:14 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 01:50 --------- d-----w c:\program files\Active Data Recovery Software
2008-11-01 19:22 8 ----a-w c:\documents and settings\Administrator\Application Data\usb.dat
2008-10-23 00:00 61,440 ----a-w c:\windows\xspeech.dll
2008-06-11 21:05 30,601 ----a-w c:\documents and settings\Administrator\x.exe
2004-07-22 16:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 04:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 04:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 20:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 15:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 15:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 10:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 10:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 09:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-08-20 20:02 61 --sh--w c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"LxrAutorun"="c:\documents and settings\Administrator\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2007-03-07 24576]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-20 133104]
"Free Download Manager"="c:\program files\Free Download Manager2\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-09-17 278264]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-29 1797880]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-03-27 184320]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-01-09 200704]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 12:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.iyuv"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.yvu9"= c:\program files\t@b\0.947\686\tabdec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.mpng"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.mjpg"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.mvjp"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.yv12"= c:\program files\t@b\0.947\686\tabdec.dll
"vidc.444p"= c:\program files\t@b\0.947\686\tabdec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Armagetron Advanced Dedicated\\armagetronad_dedicated.exe"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Firaxis Games\\Civilization III Complete\\Conquests\\Civ3Conquests.exe"=
"c:\\Program Files\\Cobian Backup 9\\Cobian.exe"=
"c:\\Program Files\\Cobian Backup 9\\cbInterface.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mjmfighter\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ATC Radar Screen v5\\ATC Radar Screen v50.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\MultiProxy\\mproxy.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Thinstall\\GrabPro - Toolbar\\4000005e00002i\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\PROJECT FOR MY ROOM\\halo.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\fshost\\FSHost32.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\fshostclient\\FSHostClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\SRO_New_Full-Client_Downloader.exe"=
"c:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"c:\\Program Files\\Free Download Manager2\\fdm.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\winbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64575:TCP"= 64575:TCP:*:Disabled:SolidNetworkManager
"64575:UDP"= 64575:UDP:*:Disabled:SolidNetworkManager
"5585:TCP"= 5585:TCP:5585
"8080:TCP"= 8080:TCP:8080
"86:TCP"= 86:TCP:BroadCam Web Server
"67:UDP"= 67:UDP:DHCP Discovery Service
"56875:TCP"= 56875:TCP:Pando Media Booster
"56875:UDP"= 56875:UDP:Pando Media Booster

R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [2008-04-08 40960]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-29 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-29 31504]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-10-25 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-03-27 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-06-10 35968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R4 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-10-27 72672]
R4 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2008-12-31 23352]
R4 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [2005-09-19 1968446]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2008-09-16 28672]
S4 Apache2.2;Apache2.2;"c:\documents and settings\Administrator\Desktop\xampp\apache\bin\apache.exe" -k runservice --> c:\documents and settings\Administrator\Desktop\xampp\apache\bin\apache.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1897051121-725345543-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-20 19:25]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Aluxohiyim - c:\windows\Xbisaluline.dll
HKLM-Run-Hvibapow - c:\windows\efasayikovuviya.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager2\dlall.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager2\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager2\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager2\dllink.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk

O16 -: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} - hxxp://www.personalfirewall.comodo.com/scan/ComodoAVScanner.cab
c:\windows\Downloaded Program Files\ComodoAVScanner.osd

- c:\windows\Downloaded Program Files\ComodoAVScanner.inf
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw3m12gv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 15:16:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????W??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f5,12,28,fc,b4,ab,b7,e0,07,f3,2e,c1,d8,05,19,5c,3c,92,6e,3c,83,\
b9,c4,df,ab,66,02,40,1e,8f,f8,fe,fd,e0,8f,59,38,22,cf,ab,00,00,00,00,00,00,\
00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a198f70c-1994-429f-bc39-fb03695e0226}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010b
"Therad"=dword:00000022
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'lsass.exe'(1124)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\IFXSPMGT.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-04 15:21:26 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-01-04 21:20:26
ComboFix2.txt 2009-01-04 18:26:35

Pre-Run: 13,044,310,016 bytes free
Post-Run: 13,029,019,648 bytes free

425 --- E O F --- 2008-12-08 0355
traveler9559 is offline  
Old 01-04-2009, 02:51 PM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello again, traveler9559. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:
no pop-up box came up, but the scan is completed. idk if the files were submitted
That's OK. We can submit the file another way:

There should be a file named [4]-Submit_date@time.zip located here:

C:\QooBox\Quarantine\[4]-Submit_Date@Time.zip

Please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

and include this link in the message:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/328686-firefox-trouble.html#post1895084


Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 11: "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start (or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (It looks like a coffee cup.)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u11-windows-i586-p.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Ensure your external and/or USB drives are inserted during the scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 01-07-2009, 06:28 AM   #11 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

OK, I submitted the file for review, and I will do the Java update and the scan when I get home this afternoon.
Old 01-08-2009, 06:03 PM   #12 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

Sorry for the wait, I've been kind of busy, but here is my report on the scan and how my system has been running.

My system has been running smoothly for the most part; it's only when I'm in Firefox that I have problems. Every time I use Firefox, Comodo SafeSurf would block it from doing a buffer overload, or, if I could run Firefox, Google searches would be redirected to a different web page. I don't know if it is doing it now, because I haven't tried lately, but if it does it again, I'll let you know immediately.

Here is the scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 08, 2009 11:07:03
Records in database: 1586582
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 203952
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:08:18


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\adultleashed.mpg Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\pregnant.mpg Infected: Trojan-Downloader.WMA.GetCodec.e 1
C:\Program Files\Steam\SteamApps\mjmfighter\counter-strike source\cstrike\pony\pony.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

The selected area was scanned.


Should I delete the files that are infected? (Not the Steam file, that's not a virus as it says.)
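The report layout above is regular enough to parse mechanically, which helps when a helper has to review many of them. What follows is an added Python example, not part of the thread and not Kaspersky's own tooling: it reads a scanner report in the layout shown above (the sample text is constructed, with placeholder paths), pulls out the summary statistics and the per-file findings, and separates ordinary detections from entries Kaspersky prefixes with `not-a-virus:` (riskware such as remote-administration tools), which is the distinction traveler9559 asks about. It also cross-checks the per-file counts against the summary totals so a truncated or hand-edited report is noticed.

```python
"""Parse a Kaspersky Online Scanner 7 text report and triage its findings."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the report format posted in the thread.
# Paths and file names are placeholders, not the thread's own files.
SAMPLE_REPORT = r"""
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Records in database: 1586582
--------------------------------------------------------------------------------

Scan statistics:
Files scanned: 203952
Threat name: 3
Infected objects: 3
Suspicious objects: 1
Duration of the scan: 03:08:18

File name / Threat name / Threats count
C:\Documents and Settings\example\My Documents\clip1.mpg Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\example\My Documents\clip2.mpg Infected: Trojan-Downloader.WMA.GetCodec.e 1
C:\Tools\remote\vnc.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Temp\odd.exe Suspicious: HEUR:Trojan.Win32.Generic 1

The selected area was scanned.
"""


@dataclass
class Finding:
    path: str
    verdict: str   # "Infected" or "Suspicious"
    threat: str
    count: int

    @property
    def riskware(self) -> bool:
        # Kaspersky marks legitimate-but-abusable tools with this prefix;
        # they need a human decision rather than automatic deletion.
        return self.threat.startswith("not-a-virus:")


# One finding per line: <path with spaces> <verdict>: <threat name> <count>.
# The lazy path group stops at the first " Infected:" / " Suspicious:".
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Summary statistics are "<words>: <integer>"; lines with non-integer
# values (version strings, durations) are deliberately not matched.
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\d+)\s*$")


def parse_report(text):
    """Return (stats dict, list of Finding) for one report."""
    stats, findings = {}, []
    for line in text.splitlines():
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["verdict"], m["threat"], int(m["count"])))
            continue
        m = STAT_RE.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
    return stats, findings


def summarize(text):
    """Split findings into malware, riskware and heuristic hits, and check totals."""
    stats, findings = parse_report(text)
    infected = [f for f in findings if f.verdict == "Infected"]
    suspicious = [f for f in findings if f.verdict == "Suspicious"]
    totals_match = (
        stats.get("Infected objects") == sum(f.count for f in infected)
        and stats.get("Suspicious objects") == sum(f.count for f in suspicious)
    )
    return {
        "malware": [f.path for f in infected if not f.riskware],
        "riskware": [f.path for f in infected if f.riskware],
        "suspicious": [f.path for f in suspicious],
        "totals_match": totals_match,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The `riskware` split is the point: `not-a-virus:` entries such as a VNC package are flagged because the tool can be abused, not because the file is malicious, so they are reported separately instead of being lumped with the trojans that the helper tells the user to delete.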
Old 01-08-2009, 06:55 PM   #13 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello again, traveler9559. Thanks for submitting the file.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c del /a/f/q "C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\adultleashed.mpg"

A DOS window will open and close again, this is normal.

Repeat:

cmd /c del /a/f/q "C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\pregnant.mpg"

------------------------------------------------------

Quote:
I don't know if it is doing it now, because I haven't tried lately
Please try FF again and let me know if you get redirected. Your logs appear clean.

------------------------------------------------------
Old 01-10-2009, 08:35 AM   #14 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

FF is working fine now, thanks for all your help. Just wondering, the files that I submitted, whatever happened to them?
Old 01-10-2009, 08:44 AM   #15 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Hello again, traveler9559.

Quote:
Just wondering, the files that i submitted, what ever happened to them?
You submitted them to the author of ComboFix so he could update the tool.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Please re-enable TeaTimer:
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
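As an added illustration of the HOSTS mechanism described above (example code written for this page, not from the thread, from MVPS or from any tool named here): a Python script that parses a Windows HOSTS file, lists the names sinkholed to 127.0.0.1 (or 0.0.0.0, which blocklists also use as a blackhole address), and flags any entry that sends a well-known domain somewhere other than loopback. That second check matters because the same mechanism, turned against the user, is one classic cause of the search-redirect symptom this thread opened with. The sample HOSTS content and the short domain watchlist are constructed assumptions.

```python
"""Audit a Windows HOSTS file: count blocklist entries and flag hijacks."""
import ipaddress

# Constructed sample HOSTS content (not taken from the thread). The two
# blocked names imitate an MVPS-style blocklist; the last entry shows the
# pattern a search-redirect hijack would leave behind. TEST-NET addresses
# and .test names are used so nothing here resolves to a real host.
SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   ads.example-adnetwork.test     # blocked ad server
0.0.0.0     tracker.example-tracker.test
198.51.100.7   www.google.com
"""

# Addresses a blocklist uses to make a name go nowhere.
SINKHOLE = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}

# Assumption: a short watchlist of names that should never be pinned in
# HOSTS to a non-loopback address on an ordinary home machine.
WATCHED = {"google.com", "www.google.com", "www.bing.com", "update.microsoft.com"}


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs, ignoring comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line, skip it
        for name in parts[1:]:                 # one address may carry several names
            entries.append((addr, name.lower()))
    return entries


def audit_hosts(text):
    """Separate legitimate blocklist entries from entries that redirect watched names."""
    entries = parse_hosts(text)
    sinkholed = [name for addr, name in entries
                 if addr in SINKHOLE and name != "localhost"]
    hijacked = [(name, str(addr)) for addr, name in entries
                if name in WATCHED and addr not in SINKHOLE]
    return {"sinkholed": sinkholed, "hijacked": hijacked}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['sinkholed'])} names sinkholed")
    for name, addr in result["hijacked"]:
        print(f"WARNING: {name} is pinned to {addr}")
```

On a real machine the file lives at `%SystemRoot%\System32\drivers\etc\hosts`; read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `audit_hosts`. A large count of sinkholed names is what an installed MVPS list looks like; any `hijacked` entry is worth investigating.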
Old 01-13-2009, 07:38 AM   #16 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3


Re: FireFox trouble

Still with us, traveler9559? Any trouble with those last instructions?
Old 01-14-2009, 05:23 PM   #17 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: xp


Re: FireFox trouble

Yeah, sorry, I'm still with you. I uninstalled ComboFix like you told me and I enabled TeaTimer again. Thanks for all your help! I am currently updating everything else of mine to keep it up to date. Thanks again!
 


Copyright 2001 - 2009, Tech Support Forum