
Win32/Patched.fl virus


  • This topic is locked
2 replies to this topic

#1 oneqckta

  • Members
  • 2 posts

Posted 25 August 2010 - 08:33 PM

Hello,
I have the Win32/Patched.fl virus. I ran ComboFix. Below is the log file. This is my first post. If I posted this in the wrong spot, I apologize. Please let me know what I can do to get rid of this virus. Thank you.

ComboFix 10-08-24.0C - Christinal 08/25/2010 20:09:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1102 [GMT -5:00]
Running from: c:\documents and settings\Christinal\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-10-04 02:16 . 2010-08-25 03:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-25 07:58 . 2010-08-25 07:58 -------- d-----w- c:\windows\LastGood
2010-08-17 03:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-17 03:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-17 03:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-17 03:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-17 03:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-17 03:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-17 03:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 03:08 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-17 03:08 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-17 03:08 . 2010-08-17 03:08 -------- d-----w- c:\program files\Alwil Software
2010-08-17 03:08 . 2010-08-17 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-17 00:28 . 2010-08-25 03:04 -------- d-----w- c:\windows\system32\NtmsData
2010-08-16 23:56 . 2010-08-16 23:56 0 ----a-w- c:\windows\nsreg.dat
2010-08-16 23:56 . 2010-08-16 23:56 -------- d-----w- c:\documents and settings\Christinal\Local Settings\Application Data\Mozilla
2010-08-16 15:39 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-16 14:32 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-16 14:32 . 2010-08-16 14:32 -------- d-----w- c:\documents and settings\Christinal\Local Settings\Application Data\Sunbelt Software
2010-08-16 14:26 . 2010-08-16 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-16 14:26 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-16 14:26 . 2010-08-16 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-16 14:26 . 2010-08-16 14:26 -------- d-----w- c:\program files\Lavasoft
2010-08-15 00:16 . 2010-08-15 00:16 -------- d-----w- C:\$AVG
2010-08-15 00:15 . 2010-08-15 00:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-15 00:15 . 2010-08-15 00:15 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-15 00:14 . 2010-08-15 00:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-15 00:14 . 2010-08-15 00:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-15 00:14 . 2010-08-25 22:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-15 00:12 . 2010-08-15 00:12 -------- d-----w- c:\program files\AVG
2010-08-15 00:12 . 2010-08-25 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-14 22:39 . 2010-08-14 22:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-13 01:08 . 2010-08-13 01:08 -------- d-sh--w- c:\documents and settings\kodak\IETldCache
2010-08-09 02:36 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-09 02:36 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-09 02:35 . 2009-08-19 19:06 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
2010-08-09 02:35 . 2009-08-19 19:06 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
2010-08-09 02:35 . 2009-08-19 19:00 77906 ----a-w- c:\windows\system32\lxdxcfg.dll
2010-08-09 02:35 . 2009-08-19 19:00 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll
2010-08-09 02:35 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-09 02:35 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 22:29 . 2010-07-09 14:43 452104 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\setup.exe
2010-08-25 03:30 . 2009-03-02 01:42 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-08-17 00:09 . 2009-06-01 12:57 -------- d-----w- c:\program files\Yahoo!
2010-08-16 22:00 . 2009-01-07 20:54 -------- d-----w- c:\program files\Google
2010-08-15 00:26 . 2009-03-02 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-12 13:36 . 2009-03-05 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-16 04:53 . 2010-07-16 04:53 79368 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-07-16 04:53 . 2010-07-16 04:53 73344 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-07-16 04:53 . 2010-07-16 04:53 64000 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-07-16 04:53 . 2010-07-16 04:53 52288 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-07-16 04:53 . 2010-07-16 04:53 122880 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-09 22:44 . 2010-07-09 22:44 26641904 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-07-09 22:44 . 2010-07-09 22:44 220272 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-07-09 22:44 . 2010-07-09 22:44 149000 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-07-09 22:44 . 2010-07-09 22:44 13407072 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-06-30 12:31 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 14:36 . 2010-06-08 15:43 439816 ----a-w- c:\documents and settings\Christinal\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:10 . 2010-06-24 12:10 667136 ----a-w- c:\windows\system32\SETB0.tmp
2010-06-24 12:10 . 2010-06-24 12:10 627712 ----a-w- c:\windows\system32\SETB1.tmp
2010-06-24 12:10 . 2010-06-24 12:10 3073024 ----a-w- c:\windows\system32\SETB4.tmp
2010-06-24 12:10 . 2010-06-24 12:10 1509888 ----a-w- c:\windows\system32\SETB3.tmp
2010-06-24 12:10 . 2010-06-24 12:10 1025024 ----a-w- c:\windows\system32\SETB6.tmp
2010-06-23 13:44 . 2008-04-25 16:16 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-25 16:16 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-25 16:16 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 0882EBD60F28E62B7C9C6789C72FC35D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 304FAC4C34753C15E4946BA1B5216389 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-25_03.19.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-25 03:30 . 2010-08-25 03:30 16384 c:\windows\Temp\Perflib_Perfdata_cc4.dat
+ 2010-06-24 12:10 . 2010-06-24 12:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-25 16:16 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
- 2008-04-25 16:16 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2008-04-25 16:16 . 2010-06-24 12:10 251904 c:\windows\system32\iepeers.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 251904 c:\windows\system32\iepeers.dll
+ 2009-01-07 20:50 . 2010-06-24 12:10 667136 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-07 20:51 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2009-01-07 20:51 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-07 20:50 . 2010-06-24 12:10 627712 c:\windows\system32\dllcache\urlmon.dll
+ 2010-06-24 12:10 . 2010-06-24 12:10 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-07 20:50 . 2010-06-24 12:10 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-01-07 20:50 . 2010-06-24 12:10 3073024 c:\windows\system32\dllcache\mshtml.dll
+ 2010-06-24 12:10 . 2010-06-24 12:10 1025024 c:\windows\system32\dllcache\browseui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-07 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-14 185896]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-15 2065760]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-15 00:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2010 9:32 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/16/2010 10:08 PM 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/14/2010 7:14 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/14/2010 7:15 PM 243024]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/18/2009 5:54 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/16/2010 10:08 PM 17744]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/14/2010 7:13 PM 308136]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/7/2009 5:42 PM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [1/7/2009 5:42 PM 43608]
S2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 2:10 PM 98304]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1352832]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/7/2009 3:54 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3090107
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Christinal\Application Data\Mozilla\Firefox\Profiles\0u7y8dlw.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\CHRIST~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-08-25 20:14:16
ComboFix-quarantined-files.txt 2010-08-26 01:13
ComboFix2.txt 2010-08-25 03:46
ComboFix3.txt 2010-08-25 03:25

Pre-Run: 218,073,677,824 bytes free
Post-Run: 218,056,265,728 bytes free


#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 28 August 2010 - 03:39 PM

Good evening.

Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download BootCheck.exe and save it to your Desktop.
  • Double click BootCheck.exe to run the tool.
  • A Command Window will open and close a few seconds later, and a Notepad window will then appear, as if by magic, with some text in it.
  • Assuming you can contain your excitement, please post the contents in your next reply.

So long, and thanks for all the fish.

#3 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 02 September 2010 - 02:36 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.
