Clicking links redirects me to other sites


This topic is locked
2 replies to this topic

#1 yummytyson (Members, 6 posts)

Posted 27 November 2009 - 04:55 AM

Hello. When I google something and click a link, it redirects me to another site and sometimes a site that tells me I have malware blah blah blah install this. I am using Firefox, tried using Spyware Doctor, Malwarebytes, RemoveIT Pro and ComboFix. Here's my log from ComboFix.



ComboFix 09-11-26.02 - Tyson 11/27/2009 1:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1575 [GMT -8:00]
Running from: c:\documents and settings\Tyson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091126-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tyson\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\LOG78A.tmp
c:\program files\Common
c:\program files\Common\VsoVprev.ax
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\install.log
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\npf.sys
c:\windows\system32\New Text Document.txt
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_IlvMoneyDRIVER53
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-27 08:57 . 2009-11-27 08:57 -------- d-----w- c:\program files\InCode Solutions
2009-11-27 04:27 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 04:27 . 2009-11-27 04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 04:27 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 23:43 . 2009-10-08 19:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-26 23:43 . 2009-10-08 19:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-26 23:43 . 2008-11-26 20:08 131 ----a-w- c:\windows\IDB.zip
2009-11-26 23:43 . 2009-10-08 19:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-26 23:43 . 2009-10-08 19:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-26 23:43 . 2009-10-02 22:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-26 23:37 . 2009-09-24 16:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-26 23:36 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-26 23:36 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-26 23:36 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-26 23:36 . 2009-11-27 09:11 -------- d-----w- c:\program files\Spyware Doctor
2009-11-26 23:36 . 2009-11-26 23:44 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-26 23:36 . 2009-11-26 23:36 -------- d-----w- c:\documents and settings\Tyson\Application Data\PC Tools
2009-11-26 20:27 . 2009-11-26 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-26 20:03 . 2009-11-26 20:03 -------- d-----w- c:\documents and settings\Tyson\Application Data\Malwarebytes
2009-11-26 20:02 . 2009-11-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-26 06:00 . 2009-11-26 06:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-26 05:41 . 2009-11-17 09:17 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-26 05:40 . 2009-11-26 05:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-26 05:24 . 2009-11-26 05:24 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-22 18:15 . 2001-08-18 06:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-22 18:15 . 2001-08-18 06:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-22 18:15 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-22 18:15 . 2001-08-18 06:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-22 18:15 . 2001-08-17 22:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-22 18:15 . 2001-08-17 22:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-22 18:15 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-22 18:10 . 2009-11-22 18:10 29926 ----a-r- c:\documents and settings\Tyson\Application Data\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-11-22 18:10 . 2009-11-22 18:10 29422 ----a-r- c:\documents and settings\Tyson\Application Data\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-11-19 21:08 . 2009-11-19 21:08 -------- d-----w- c:\documents and settings\Tyson\Application Data\VBA-M
2009-11-12 23:13 . 2009-11-13 01:11 -------- d-----w- c:\program files\XBC
2009-11-01 19:42 . 2009-11-01 19:42 39916560 ----a-w- c:\documents and settings\Tyson\Application Data\setupengpro.exe
2009-10-31 00:03 . 2009-10-31 00:03 -------- d-----w- c:\program files\AutoHotkey
2009-10-30 21:40 . 2009-10-30 05:56 613888 ----a-w- c:\documents and settings\Tyson\Application Data\Mozilla\Firefox\Profiles\2zr477ir.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-10-29 22:53 . 2009-10-29 22:53 -------- d-----w- c:\program files\iPod
2009-10-29 22:42 . 2009-10-29 22:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 00:32 . 2009-10-29 00:32 -------- d-----w- c:\documents and settings\Tyson\Application Data\StreamTorrent
2009-10-29 00:28 . 2009-10-29 00:28 -------- d-----w- c:\documents and settings\Tyson\Application Data\PPMate
2009-10-29 00:28 . 2009-10-29 00:28 -------- d-----w- c:\program files\Common Files\Synacast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 09:38 . 2008-06-19 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-27 09:36 . 2008-03-03 02:52 -------- d-----w- c:\documents and settings\Tyson\Application Data\Skype
2009-11-27 07:58 . 2007-08-23 03:55 -------- d-----w- c:\program files\Warcraft III
2009-11-26 23:35 . 2007-08-31 06:24 -------- d-----w- c:\documents and settings\Tyson\Application Data\uTorrent
2009-11-26 21:29 . 2004-08-04 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-26 06:22 . 2008-12-23 07:06 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-26 05:54 . 2007-08-16 03:05 -------- d-----w- c:\program files\Common Files\Real
2009-11-26 05:40 . 2007-08-15 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-26 05:39 . 2009-05-23 18:21 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-11-26 05:39 . 2007-08-14 17:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 05:17 . 2009-03-19 21:36 -------- d-----w- c:\program files\Perfect World Entertainment
2009-11-17 20:16 . 2009-03-18 01:07 -------- d-----r- c:\program files\Skype
2009-11-17 20:16 . 2008-03-03 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-17 20:10 . 2007-08-30 20:35 -------- d-----w- c:\program files\WC3Banlist
2009-10-31 17:36 . 2007-09-28 00:43 -------- d-----w- c:\documents and settings\Tyson\Application Data\Vso
2009-10-29 22:54 . 2007-08-30 05:23 -------- d-----w- c:\program files\iTunes
2009-10-29 22:53 . 2007-08-30 05:21 -------- d-----w- c:\program files\Common Files\Apple
2009-10-22 21:20 . 2007-11-28 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 20:05 . 2007-09-23 15:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 05:12 . 2009-10-09 05:12 60836 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 11:59 . 2008-12-23 08:03 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2008-12-23 08:03 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2008-12-23 08:03 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2008-12-23 08:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2008-12-23 08:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2008-12-23 08:03 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2008-12-23 08:03 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2008-12-23 08:03 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2008-12-23 08:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-15 05:19 . 2007-08-15 07:18 77184 ----a-w- c:\documents and settings\Tyson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 00:05 . 2009-08-31 00:05 71 ----a-w- c:\documents and settings\Tyson\Application DatadMb.dat
2009-08-30 20:47 . 2009-08-30 20:47 861000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2007-06-13 . A4D7137B5804532B75BD9DD8D7C17566 . 1246208 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-14 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-29 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" -autorun
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"Videohost"=c:\docume~1\Tyson\LOCALS~1\Temp\b.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PromoReg"=c:\windows\Temp\_ex-08.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.exe"=
"c:\\Documents and Settings\\Tyson\\Desktop\\Games\\WC3\\LC\\pickup.listchecker.exe"=
"c:\\Program Files\\Warcraft III\\pickup.listchecker.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"10243:TCP"= 10243:TCP:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:Windows Media Player Network Sharing Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/26/2009 3:36 PM 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/23/2008 12:03 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/23/2008 12:03 AM 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/26/2009 3:43 PM 112592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [11/17/2009 1:15 AM 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/26/2009 3:36 PM 358600]
S3 SoRa_DRIVER53;SoRa_DRIVER53;\??\c:\docume~1\Tyson\LOCALS~1\Temp\SoRa_.sys --> c:\docume~1\Tyson\LOCALS~1\Temp\SoRa_.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-11-27 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tyson\Application Data\Mozilla\Firefox\Profiles\2zr477ir.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\Tyson\Application Data\Mozilla\Firefox\Profiles\2zr477ir.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Tyson\Application Data\Mozilla\Firefox\Profiles\2zr477ir.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 01:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8A52F369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74807b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf786cba0
PacketIndicateHandler -> NDIS.sys @ 0xf7879b21
SendHandler -> NDIS.sys @ 0xf785787b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
.
**************************************************************************
.
Completion time: 2009-11-27 01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-27 09:46

Pre-Run: 23,656,628,224 bytes free
Post-Run: 25,244,815,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=VEXOST

- - End Of File - - B0BE236084A57C006A288DE7210EA183


#2 petewills (Members, 1,375 posts, Birmingham, UK)

Posted 27 November 2009 - 08:13 AM

Read this topic:

http://www.bleepingcomputer.com/forums/ind...amp;hl=combofix

Then post your problem here:

Security Am I infected? What do I do?

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

#3 Orange Blossom (Bleepin Investigator, Moderator, 36,801 posts, Bloomington, IN)

Posted 27 November 2009 - 08:38 AM

Yes, please do read that topic and create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
