My search results are being redirected by admarketplace


This topic is locked
20 replies to this topic

#1 sherry_d

  • Members
  • 11 posts

Posted 16 September 2010 - 04:41 AM

I hope you can help me with this, as it's been going on and off for over a week. My Google search results are getting redirected to some random site, but I notice the admarketplace before it redirects. SUPERAntiSpyware only reports some tracking cookies, which stops the problem temporarily, and it comes back again in the morning.

This is the log of the last scan

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/16/2010 at 08:56 AM

Application Version : 4.43.1000

Core Rules Database Version : 5516
Trace Rules Database Version: 3328

Scan type : Quick Scan
Total Scan Time : 00:43:27

Memory items scanned : 710
Memory threats detected : 0
Registry items scanned : 2611
Registry threats detected : 0
File items scanned : 11779
File threats detected : 104

Adware.Tracking Cookie
.elevenplusexams.co.uk [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.elevenplusexams.co.uk [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.elevenplusexams.co.uk [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.elevenplusexams.co.uk [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.elevenplusexams.co.uk [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.adtech.de [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.revsci.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
ads1.mumsnet.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.vdwp.solution.weborama.fr [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.revsci.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.revsci.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.revsci.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.advertising.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.advertising.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.advertising.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.advertising.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
track.adform.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
track.adform.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.revsci.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.bestspeedfind.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
clicks.bestspeedfind.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.kontera.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\cookies.sqlite ]

Can you please help me? I still have the same problem of my search results being redirected to a random site. I use SUPERAntiSpyware, which only stops it from redirecting for a few hours to a day, and then the problem is back again. I know I shouldn't have done this, but in desperation I ran ComboFix last week, and the log results are below.


((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-17 11:38 . 2010-09-17 11:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-17 11:38 . 2010-09-17 11:38 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2010-09-17 11:38 . 2010-09-17 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-16 08:53 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:24 . 2010-09-17 07:10 63488 ----a-w- c:\users\Sharon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 08:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:38 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- c:\windows\system32\EventProviders
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- C:\16a39bb633013ebe82566fcf4f138f
2010-09-07 19:36 . 2010-06-02 09:28 865792 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-09-05 01:02 . 2010-09-05 01:02 92672 --sha-r- c:\users\Sharon\AppData\Roaming\icm32Y.dll
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\bbtbfwryl
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\mnsbfneou
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\dabcftpvc
2010-09-04 08:26 . 2010-08-30 13:33 43008 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-04 08:26 . 2010-08-30 13:33 338944 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-04 08:26 . 2010-08-30 13:33 346112 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-04 08:26 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-22 18:49 . 2010-08-22 18:49 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 11:39 . 2009-04-07 23:04 -------- d-----w- c:\users\Sharon\AppData\Roaming\Skype
2010-09-17 11:30 . 2010-06-09 13:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-17 07:10 . 2009-05-27 16:18 117760 ----a-w- c:\users\Sharon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 08:53 . 2008-10-27 11:23 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 08:53 . 2008-10-27 11:24 -------- d-----w- c:\program files\Java
2010-09-15 11:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 09:24 . 2009-05-27 16:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 17:37 . 2010-07-12 15:56 452104 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-09-10 09:59 . 2010-06-16 19:47 6728 ----a-w- c:\users\Sharon\AppData\Local\d3d9caps.dat
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-08-09 21:51 . 2009-06-22 20:59 -------- d-----w- c:\program files\Google
2010-07-22 11:07 . 2010-07-22 11:07 -------- d-----w- c:\program files\ElevenPlusExams
2010-07-20 07:11 . 2010-07-20 07:11 -------- d-----w- c:\users\Sharon\AppData\Roaming\Malwarebytes
2010-07-20 07:11 . 2010-07-20 07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 07:11 . 2010-07-20 07:11 -------- d-----w- c:\programdata\Malwarebytes
2010-07-20 06:58 . 2010-07-16 22:55 -------- d-----w- c:\users\Sharon\AppData\Roaming\JAM Software
2010-07-16 09:51 . 2010-04-23 13:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:51 . 2010-07-16 09:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 09:51 . 2010-04-23 13:07 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-16 09:49 . 2010-04-23 13:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 15:55 . 2010-03-11 22:57 439816 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-26 06:05 . 2010-08-12 12:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 12:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 12:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 12:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 09:59 . 2010-06-24 09:59 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb772.tmp.exe
2010-06-22 08:53 . 2010-06-22 08:53 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-21 13:18 . 2010-08-12 12:31 2036736 ----a-w- c:\windows\system32\win32k.sys
2008-10-27 10:38 . 2008-10-27 10:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-14_17.33.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-15 08:38 . 2010-05-27 18:21 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\INETRES.dll
+ 2010-09-15 08:38 . 2010-05-27 17:39 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\INETRES.dll
+ 2008-01-21 01:58 . 2010-09-16 22:35 70448 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-17 10:32 89092 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 16:33 . 2010-09-17 10:32 16366 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239778508-3025369645-3176658431-1000_UserData.bin
- 2009-01-10 01:24 . 2010-09-14 16:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 01:24 . 2010-09-17 10:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 01:24 . 2010-09-14 16:47 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 01:24 . 2010-09-17 10:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 01:24 . 2010-09-14 16:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-10 01:24 . 2010-09-17 10:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-14 09:43 . 2010-09-14 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-16 22:32 . 2010-09-17 10:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-16 22:32 . 2010-09-17 10:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-14 09:43 . 2010-09-14 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 08:39 . 2010-04-16 17:20 502784 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:46 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:11 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:10 501760 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
+ 2010-09-15 08:39 . 2010-08-17 14:20 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 14:11 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 13:27 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 13:32 126464 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
+ 2010-09-15 08:39 . 2010-04-05 17:16 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.22377_none_1113d357839f8d5f\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 17:02 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.18236_none_10b475f26a62647a\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 16:30 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.22665_none_0f3630c78672e99c\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 16:08 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.18454_none_0eb661b86d4e1763\MP4SDECD.DLL
+ 2010-09-15 08:38 . 2010-05-27 20:27 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 20:08 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 19:11 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 19:16 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\inetcomm.dll
+ 2009-02-24 20:33 . 2010-09-17 10:44 250068 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-09-16 08:53 . 2010-07-17 04:00 153376 c:\windows\System32\javaws.exe
+ 2010-09-16 08:53 . 2010-07-17 04:00 145184 c:\windows\System32\javaw.exe
- 2009-10-21 23:46 . 2009-07-25 04:23 145184 c:\windows\System32\javaw.exe
+ 2010-09-16 08:53 . 2010-07-17 04:00 145184 c:\windows\System32\java.exe
- 2009-10-21 23:46 . 2009-07-25 04:23 145184 c:\windows\System32\java.exe
+ 2010-09-16 08:53 . 2010-09-16 08:53 180224 c:\windows\Installer\6729a0.msi
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22468_none_f4bf570381e7a95d\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18294_none_f411476668e5fae3\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22743_none_f2e9838184b59da4\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18511_none_f27e54006b817a32\OESpamFilter.dat
+ 2006-11-02 10:22 . 2010-09-15 12:13 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-08-14 02:01 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:24 . 2010-09-15 11:55 35552200 c:\windows\System32\mrt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"zrzoqtmlja"="c:\users\Sharon\AppData\Roaming\icm32Y.dll" [2010-09-05 92672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-16 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-23 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-23 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-07-16 2331032]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-16 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-16 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-16 27216]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sharon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----


FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 12:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):66,0c,36,17,c2,ce,31,5c,a9,93,ee,0a,e5,f5,b8,41,2a,fe,05,b0,17,
57,66,2d,54,85,d2,b7,88,7b,d1,ed,58,08,f6,83,0c,af,62,7a,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{620f75ea-7cdb-478b-9f11-1f1b0c2365a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,4b,c9,96,64,e2,60,5f,2d,2e,4d,91,eb,9e,ca,8f,8d,98,fc,8e,ab,29,fb,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-17 12:43:18
ComboFix-quarantined-files.txt 2010-09-17 11:43
ComboFix2.txt 2010-09-15 11:18
ComboFix3.txt 2010-09-14 17:38

Pre-Run: 183,715,758,080 bytes free
Post-Run: 183,971,930,112 bytes free

- - End Of File - - 8CA949D3E19EF7FF345058747DE854D2

EDIT: Posts merged ~BP

Edited by Budapest, 23 September 2010 - 04:25 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 23 September 2010 - 06:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:49 PM

Posted 24 September 2010 - 03:04 AM

The problem hasn't gone away, so I still need your help please. Many thanks.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 24 September 2010 - 02:12 PM

Hi,

The Combofix log you posted isn't complete.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Please go to Start > Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.
m0le is a proud member of UNITE

#5 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:49 PM

Posted 24 September 2010 - 03:56 PM

This is what I have

2010-09-14 17:37:01 . 2010-09-14 17:37:01 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-msnmsgr.reg.dat
2010-09-14 17:27:46 . 2010-09-18 11:48:28 4,630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-09-14 17:07:32 . 2010-09-18 11:39:50 583 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-20 22:32:54 . 2010-05-20 22:32:54 34 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\EurekaLog\EurekaLog.ini.vir
2010-04-29 08:38:44 . 2010-04-29 08:38:44 20 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SYSTEM.vir
2010-02-17 15:14:28 . 2010-02-17 15:14:28 3 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile6260257\affno.txt.vir
2010-02-17 15:14:28 . 2010-02-17 15:14:28 287,192 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile6260257\bot.ubot.vir
2010-02-17 15:14:28 . 2010-02-17 15:14:28 3,208,126 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile6260257\bot.exe.vir
2010-02-15 23:33:37 . 2010-02-15 23:33:37 3 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile1517915\affno.txt.vir
2010-02-15 23:33:37 . 2010-02-15 23:33:37 57,472 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile1517915\bot.ubot.vir
2010-02-15 23:33:37 . 2010-02-15 23:33:37 3,208,126 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\AppData\Roaming\ubotcompile1517915\bot.exe.vir
2009-02-26 19:57:40 . 2009-02-26 19:57:42 60,744 ----a-w- C:\Qoobox\Quarantine\C\Users\Sharon\g2mdlhlpx.exe.vir

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 24 September 2010 - 05:12 PM

Please can you run Combofix again - allowing any updates - and post the log. I can see the problem but I need an up-to-date log before I can start to remove anything.
m0le is a proud member of UNITE

#7 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:49 PM

Posted 24 September 2010 - 06:03 PM

Here is the report


((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 22:42 . 2010-09-24 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 22:42 . 2010-09-24 22:42 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2010-09-24 22:42 . 2010-09-24 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:47 . 2010-09-24 11:47 -------- d-----w- c:\program files\Internet Download Manager
2010-09-24 07:45 . 2010-09-24 07:45 3951968 ----a-w- c:\programdata\avg9\update\backup\avguires.dll
2010-09-24 07:45 . 2010-09-24 07:45 2448224 ----a-w- c:\programdata\avg9\update\backup\avguiadv.dll
2010-09-24 07:45 . 2010-09-24 07:45 4100960 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-24 07:45 . 2010-09-24 07:45 2065760 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-09-24 07:45 . 2010-09-24 07:45 1278304 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-09-24 07:45 . 2010-09-24 07:45 1247584 ----a-w- c:\programdata\avg9\update\backup\avgabout.dll
2010-09-23 23:30 . 2010-09-23 23:30 108320 ----a-w- c:\programdata\Adobe\CS5\jre\bin\wsdetect.dll
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Roaming\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Local\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\program files\KompoZer
2010-09-23 08:22 . 2010-09-23 08:22 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 08:22 . 2010-09-23 08:22 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 08:22 . 2010-09-23 08:22 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 08:22 . 2010-09-23 08:22 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 08:22 . 2010-09-23 08:22 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 08:22 . 2010-09-23 08:22 2331032 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-09-23 08:22 . 2010-09-23 08:22 5649320 ----a-w- c:\programdata\avg9\update\backup\winspamcatcher.dll
2010-09-23 08:16 . 2010-09-23 08:16 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-16 08:53 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:24 . 2010-09-23 09:01 63488 ----a-w- c:\users\Sharon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 08:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:38 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- c:\windows\system32\EventProviders
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- C:\16a39bb633013ebe82566fcf4f138f
2010-09-07 19:36 . 2010-06-02 09:28 865792 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-09-05 01:02 . 2010-09-05 01:02 92672 --sha-r- c:\users\Sharon\AppData\Roaming\icm32Y.dll
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\bbtbfwryl
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\mnsbfneou
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\dabcftpvc
2010-09-04 08:26 . 2010-08-30 13:33 43008 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-04 08:26 . 2010-08-30 13:33 338944 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-04 08:26 . 2010-08-30 13:33 346112 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-04 08:26 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 22:43 . 2009-04-07 23:04 -------- d-----w- c:\users\Sharon\AppData\Roaming\Skype
2010-09-24 22:17 . 2010-06-09 13:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-24 16:19 . 2010-06-09 09:53 -------- d-----w- c:\users\Sharon\AppData\Roaming\DMCache
2010-09-23 23:37 . 2008-10-27 11:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 09:01 . 2009-05-27 16:18 117760 ----a-w- c:\users\Sharon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-21 17:51 . 2010-07-12 15:56 452104 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-09-16 08:53 . 2008-10-27 11:23 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 08:53 . 2008-10-27 11:24 -------- d-----w- c:\program files\Java
2010-09-15 11:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 09:24 . 2009-05-27 16:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-10 09:59 . 2010-06-16 19:47 6728 ----a-w- c:\users\Sharon\AppData\Local\d3d9caps.dat
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-08-09 21:51 . 2009-06-22 20:59 -------- d-----w- c:\program files\Google
2010-07-16 09:51 . 2010-04-23 13:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:51 . 2010-07-16 09:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 09:51 . 2010-04-23 13:07 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-16 09:49 . 2010-04-23 13:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 15:55 . 2010-03-11 22:57 439816 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.10\setup.exe
2008-10-27 10:38 . 2008-10-27 10:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-14_17.33.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-15 08:38 . 2010-05-27 18:21 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\INETRES.dll
+ 2010-09-15 08:38 . 2010-05-27 17:39 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\INETRES.dll
+ 2008-01-21 01:58 . 2010-09-23 23:12 70756 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-24 11:25 89108 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 16:33 . 2010-09-24 11:25 16406 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239778508-3025369645-3176658431-1000_UserData.bin
- 2009-01-10 01:24 . 2010-09-14 16:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 01:24 . 2010-09-24 11:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 01:24 . 2010-09-14 16:47 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 01:24 . 2010-09-24 11:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 01:24 . 2010-09-24 11:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-10 01:24 . 2010-09-14 16:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-15 12:14 . 2010-06-15 12:14 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2010-09-23 23:30 . 2010-09-23 23:30 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
- 2010-06-15 12:13 . 2010-06-15 12:13 10134 c:\windows\Installer\{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}\ARPPRODUCTICON.exe
+ 2010-09-23 23:29 . 2010-09-23 23:29 10134 c:\windows\Installer\{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}\ARPPRODUCTICON.exe
- 2010-06-15 12:14 . 2010-06-15 12:14 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2010-09-23 23:30 . 2010-09-23 23:30 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
- 2010-06-15 12:14 . 2010-06-15 12:14 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2010-09-23 23:30 . 2010-09-23 23:30 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
- 2010-06-15 12:12 . 2010-06-15 12:12 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2010-09-23 23:29 . 2010-09-23 23:29 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
- 2010-06-15 12:15 . 2010-06-15 12:15 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-09-23 23:30 . 2010-09-23 23:30 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-09-23 23:09 . 2010-09-24 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 09:43 . 2010-09-14 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 09:43 . 2010-09-14 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-23 23:09 . 2010-09-24 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 08:39 . 2010-04-16 17:20 502784 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:46 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:11 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
+ 2010-09-15 08:39 . 2010-04-16 16:10 501760 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
+ 2010-09-15 08:39 . 2010-08-17 14:20 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 14:11 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 13:27 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
+ 2010-09-15 08:39 . 2010-08-17 13:32 126464 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
+ 2010-09-15 08:39 . 2010-04-05 17:16 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.22377_none_1113d357839f8d5f\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 17:02 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.18236_none_10b475f26a62647a\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 16:30 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.22665_none_0f3630c78672e99c\MP4SDECD.DLL
+ 2010-09-15 08:39 . 2010-04-05 16:08 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.18454_none_0eb661b86d4e1763\MP4SDECD.DLL
+ 2010-09-15 08:38 . 2010-05-27 20:27 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 20:08 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 19:11 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\inetcomm.dll
+ 2010-09-15 08:38 . 2010-05-27 19:16 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\inetcomm.dll
+ 2009-02-24 20:33 . 2010-09-24 16:17 251834 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-03-05 09:13 . 2010-03-05 09:13 947472 c:\windows\System32\msjava.dll
- 2008-07-31 10:16 . 2010-03-05 09:13 947472 c:\windows\System32\msjava.dll
+ 2010-09-16 08:53 . 2010-07-17 04:00 153376 c:\windows\System32\javaws.exe
+ 2010-09-16 08:53 . 2010-07-17 04:00 145184 c:\windows\System32\javaw.exe
- 2009-10-21 23:46 . 2009-07-25 04:23 145184 c:\windows\System32\javaw.exe
+ 2010-09-16 08:53 . 2010-07-17 04:00 145184 c:\windows\System32\java.exe
- 2009-10-21 23:46 . 2009-07-25 04:23 145184 c:\windows\System32\java.exe
+ 2010-05-26 12:57 . 2009-09-09 08:43 210352 c:\windows\System32\idmmbc.dll
+ 2010-09-16 08:53 . 2010-09-16 08:53 180224 c:\windows\Installer\6729a0.msi
+ 2010-09-23 23:30 . 2010-09-23 23:30 315392 c:\windows\Installer\1295f1.msi
+ 2010-09-23 23:30 . 2010-09-23 23:30 316928 c:\windows\Installer\1295ea.msi
+ 2010-09-23 23:30 . 2010-09-23 23:30 356864 c:\windows\Installer\1295e3.msi
+ 2010-09-23 23:30 . 2010-09-23 23:30 359424 c:\windows\Installer\1295dc.msi
+ 2010-09-23 23:29 . 2010-09-23 23:29 339456 c:\windows\Installer\1295d5.msi
+ 2010-09-23 23:29 . 2010-09-23 23:29 316416 c:\windows\Installer\1295ce.msi
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22468_none_f4bf570381e7a95d\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18294_none_f411476668e5fae3\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22743_none_f2e9838184b59da4\OESpamFilter.dat
+ 2010-09-15 08:38 . 2010-08-17 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18511_none_f27e54006b817a32\OESpamFilter.dat
+ 2006-11-02 10:22 . 2010-09-15 12:13 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-08-14 02:01 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:24 . 2010-09-15 11:55 35552200 c:\windows\System32\mrt.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"zrzoqtmlja"="c:\users\Sharon\AppData\Roaming\icm32Y.dll" [2010-09-05 92672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-16 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-23 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-23 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-09-23 2331544]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-16 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-16 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-16 27216]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sharon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----


FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 23:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):66,0c,36,17,c2,ce,31,5c,a9,93,ee,0a,e5,f5,b8,41,2a,fe,05,b0,17,
57,66,2d,54,85,d2,b7,88,7b,d1,ed,58,08,f6,83,0c,af,62,7a,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{620f75ea-7cdb-478b-9f11-1f1b0c2365a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bc
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,4b,c9,96,64,e2,60,5f,2d,2e,4d,91,eb,9e,ca,8f,8d,98,fc,8e,ab,29,fb,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-24 23:55:18
ComboFix-quarantined-files.txt 2010-09-24 22:55
ComboFix2.txt 2010-09-18 12:11
ComboFix3.txt 2010-09-17 11:43
ComboFix4.txt 2010-09-15 11:18
ComboFix5.txt 2010-09-24 22:20

Pre-Run: 167,626,964,992 bytes free
Post-Run: 167,696,306,176 bytes free

- - End Of File - - 59B80D32594877D7313457F468EB48D4


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 24 September 2010 - 06:42 PM

The first part of the log is missing. It begins something like
QUOTE
ComboFix 09-07-08.09 - "Administrator" 09/07/09 22:51:02.3. 2 - NTFS x86 Minimal
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247 [GMT 8:00]


m0le is a proud member of UNITE

#9 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 25 September 2010 - 03:50 AM

ComboFix 10-09-24.03 - Sharon 24/09/2010 23:24:51.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3002.990 [GMT 1:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 28 September 2010 - 07:29 PM

Sorry for the wait but I am checking out some of the entries.

Please rerun Combofix as follows (make sure the entire log is pasted)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
File::
c:\users\Sharon\AppData\Roaming\icm32Y.dll

Folder::
c:\users\Sharon\AppData\Local\bbtbfwryl
c:\users\Sharon\AppData\Local\mnsbfneou
c:\users\Sharon\AppData\Local\dabcftpvc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zrzoqtmlja"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6092

RegLock::
[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-239778508-3025369645-3176658431-1000_Classes\CLSID\{620f75ea-7cdb-478b-9f11-1f1b0c2365a1}]


Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
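The entries m0le lists above are three different kinds of indicator: a DLL dropped into the user's profile with the hidden and system attributes set (the `--sha-r-` field on icm32Y.dll), three folders with random-looking names created under AppData\Local in the same minute, and a per-user proxy setting that sends every HTTP request through a listener on 127.0.0.1. The following is an added example, not part of this thread and not a feature of ComboFix: a small Python triage pass over a ComboFix report that flags those three indicator types. The rule names, the "letters-only, 8 to 12 characters" definition of a random-looking folder and the severity labels are this example's own assumptions, and the sample log is constructed from lines quoted in the thread plus two benign control lines.

```python
# Added example, not part of this thread or of ComboFix: a small triage pass
# over a ComboFix report that flags the three indicator types m0le acted on
# above. The heuristics and thresholds are this example's own assumptions.
import re
from collections import defaultdict

# File/dir line: "<created> . <modified> <size|--------> <8-char attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>\S+) +(?P<attrs>[a-z-]{8}) +(?P<path>\S.*)$"
)
# Supplementary-scan proxy line; 'u' = per-user (HKCU) setting, 'm' = machine.
PROXY_LINE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer = (?P<value>.+)$")
USER_APPDATA = re.compile(r"\\users\\[^\\]+\\AppData\\(Roaming|Local)\\", re.I)
# Assumption: a letters-only name of 8-12 chars directly under AppData\Local is "random-looking".
RANDOM_LOCAL_DIR = re.compile(r"\\users\\[^\\]+\\AppData\\Local\\[a-z]{8,12}$", re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_entries(log_text):
    """Yield file/dir and proxy entries; every other line of the report is ignored."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line) or PROXY_LINE.match(line)
        if m:
            kind = "file" if "attrs" in m.groupdict() else "proxy"
            yield {"kind": kind, **m.groupdict()}


def proxy_targets(value):
    """Split 'http=127.0.0.1:6092;https=...' or a bare 'host:port' into (scheme, host, port)."""
    out = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        out.append((scheme or "*", host or hostport, port))
    return out


def triage(log_text):
    """Return findings as dicts with 'rule', 'severity' and 'evidence'."""
    findings = []
    dir_clusters = defaultdict(list)  # creation minute -> letters-only dirs

    for e in parse_entries(log_text):
        if e["kind"] == "proxy":
            # A per-user proxy on loopback is how a local redirector sees every
            # request. Some AV web filters do the same, so check what listens there.
            for scheme, host, port in proxy_targets(e["value"]):
                if host.lower() in LOOPBACK:
                    findings.append({
                        "rule": f"{'user' if e['scope'] == 'u' else 'machine'}_proxy_to_loopback",
                        "severity": "high",
                        "evidence": f"{scheme} traffic sent via {host}:{port}",
                    })
            continue

        attrs, path = e["attrs"], e["path"]
        is_dir = attrs.startswith("d")
        # Hidden+system (+s+h) is normal for NTUSER.DAT, not for a DLL in AppData.
        if not is_dir and "s" in attrs and "h" in attrs and USER_APPDATA.search(path):
            findings.append({
                "rule": "hidden_system_file_in_appdata",
                "severity": "high",
                "evidence": f"{path} ({attrs}, {e['size']} bytes, created {e['created']})",
            })
        if is_dir and RANDOM_LOCAL_DIR.search(path):
            dir_clusters[e["created"]].append(path)

    # Several letters-only folders born in the same minute: one dropper, many
    # components. Installers do this too, so it is only medium on its own.
    for created, paths in sorted(dir_clusters.items()):
        if len(paths) >= 2:
            findings.append({
                "rule": "random_dir_cluster",
                "severity": "medium",
                "evidence": f"{len(paths)} letters-only folders created {created}: {', '.join(paths)}",
            })
    return findings


# Constructed sample: lines quoted in this thread, in ComboFix's own format,
# plus NTUSER.DAT as a benign +s+h control and a normal app folder.
SAMPLE_LOG = r"""
2010-09-05 01:02 . 2010-09-05 01:02 92672 --sha-r- c:\users\Sharon\AppData\Roaming\icm32Y.dll
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\bbtbfwryl
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\mnsbfneou
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\dabcftpvc
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Local\kompozer.net
2010-09-16 08:53 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2008-10-27 10:38 . 2008-10-27 10:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['rule']}: {f['evidence']}")
```

Run against the sample it reports exactly three findings: the hidden DLL, the per-user loopback proxy and the cluster of three folders created at 2010-09-05 01:01, while NTUSER.DAT (hidden+system but outside AppData) and kompozer.net (a real application folder) pass. The proxy rule deliberately does not decide on its own whether the loopback listener is malicious; the next step on a live machine is to find the process bound to that port, which is what m0le's DDS:: line removes once the owning DLL has been identified.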

#11 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 29 September 2010 - 06:20 PM

I was having problems trying to drag and drop. I think it may have worked in the end but I am not too sure. Here is the log after your instructions. If I haven't done it properly, how do I drag? For some reason I am not sure if it's working, as I cannot see the CFScript.txt thing flying off into ComboFix. I have been holding my cursor down on it but it doesn't look like it worked. Many thanks.

ComboFix 10-09-29.01 - Sharon 29/09/2010 23:57:42.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3002.1666 [GMT 1:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 23:09 . 2010-09-29 23:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-29 23:09 . 2010-09-29 23:09 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2010-09-29 23:09 . 2010-09-29 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:47 . 2010-09-24 11:47 -------- d-----w- c:\program files\Internet Download Manager
2010-09-24 07:45 . 2010-09-24 07:45 3951968 ----a-w- c:\programdata\avg9\update\backup\avguires.dll
2010-09-24 07:45 . 2010-09-24 07:45 2448224 ----a-w- c:\programdata\avg9\update\backup\avguiadv.dll
2010-09-24 07:45 . 2010-09-24 07:45 4100960 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-24 07:45 . 2010-09-24 07:45 2065760 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-09-24 07:45 . 2010-09-24 07:45 1278304 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-09-24 07:45 . 2010-09-24 07:45 1247584 ----a-w- c:\programdata\avg9\update\backup\avgabout.dll
2010-09-23 23:30 . 2010-09-23 23:30 108320 ----a-w- c:\programdata\Adobe\CS5\jre\bin\wsdetect.dll
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Roaming\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Local\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\program files\KompoZer
2010-09-23 08:22 . 2010-09-23 08:22 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 08:22 . 2010-09-23 08:22 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 08:22 . 2010-09-23 08:22 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 08:22 . 2010-09-23 08:22 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 08:22 . 2010-09-23 08:22 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 08:22 . 2010-09-23 08:22 2331032 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-09-23 08:22 . 2010-09-23 08:22 5649320 ----a-w- c:\programdata\avg9\update\backup\winspamcatcher.dll
2010-09-23 08:16 . 2010-09-23 08:16 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-16 08:53 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 08:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:38 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- c:\windows\system32\EventProviders
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- C:\16a39bb633013ebe82566fcf4f138f
2010-09-07 19:36 . 2010-06-02 09:28 865792 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-09-05 01:02 . 2010-09-05 01:02 92672 --sha-r- c:\users\Sharon\AppData\Roaming\icm32Y.dll
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\bbtbfwryl
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\mnsbfneou
2010-09-05 01:01 . 2010-09-05 19:05 -------- d-----w- c:\users\Sharon\AppData\Local\dabcftpvc
2010-09-04 08:26 . 2010-08-30 13:33 43008 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-04 08:26 . 2010-08-30 13:33 338944 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-04 08:26 . 2010-08-30 13:33 346112 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-04 08:26 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 23:00 . 2010-06-09 13:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-29 22:56 . 2009-04-07 23:04 -------- d-----w- c:\users\Sharon\AppData\Roaming\Skype
2010-09-29 21:16 . 2009-05-27 16:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-24 16:19 . 2010-06-09 09:53 -------- d-----w- c:\users\Sharon\AppData\Roaming\DMCache
2010-09-23 23:37 . 2008-10-27 11:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-21 17:51 . 2010-07-12 15:56 452104 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-09-16 08:53 . 2008-10-27 11:23 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 08:53 . 2008-10-27 11:24 -------- d-----w- c:\program files\Java
2010-09-15 11:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-10 09:59 . 2010-06-16 19:47 6728 ----a-w- c:\users\Sharon\AppData\Local\d3d9caps.dat
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-08-09 21:51 . 2009-06-22 20:59 -------- d-----w- c:\program files\Google
2010-07-16 09:51 . 2010-04-23 13:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:51 . 2010-07-16 09:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 09:51 . 2010-04-23 13:07 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-16 09:49 . 2010-04-23 13:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 22:39 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-07-09 22:39 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-07-09 22:39 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2008-10-27 10:38 . 2008-10-27 10:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-16 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-23 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-23 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-09-23 2331544]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-16 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-16 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-16 27216]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sharon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----


FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 00:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-30 00:12:12
ComboFix-quarantined-files.txt 2010-09-29 23:12
ComboFix2.txt 2010-09-29 21:55
ComboFix3.txt 2010-09-24 22:55
ComboFix4.txt 2010-09-18 12:11
ComboFix5.txt 2010-09-29 22:07

Pre-Run: 160,859,856,896 bytes free
Post-Run: 160,833,961,984 bytes free

- - End Of File - - A1E4F216B314E50FE10D52E762864CEC

Edited by sherry_d, 29 September 2010 - 06:29 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 29 September 2010 - 06:36 PM

It didn't work, sherry_d.

Hover over the Combofix file with the mouse

Click and hold down the left mouse button

Move the mouse (still holding down the left button) until it's over the Combofix icon

Let go of the left button on the mouse.
m0le is a proud member of UNITE

#13 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 30 September 2010 - 04:47 AM

I may have gotten it to work. Here is the latest report.

ComboFix 10-09-29.03 - Sharon 30/09/2010 10:14:21.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3002.1705 [GMT 1:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
Command switches used :: c:\users\Sharon\Downloads\CFScript.txt

FILE ::
"c:\users\Sharon\AppData\Roaming\icm32Y.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sharon\AppData\Local\bbtbfwryl
c:\users\Sharon\AppData\Local\dabcftpvc
c:\users\Sharon\AppData\Local\mnsbfneou
c:\users\Sharon\AppData\Roaming\icm32Y.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 09:31 . 2010-09-30 09:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-30 09:31 . 2010-09-30 09:31 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2010-09-30 09:31 . 2010-09-30 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-30 09:08 . 2010-09-30 09:09 -------- d-----w- C:\32788R22FWJFW
2010-09-29 08:49 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 11:47 . 2010-09-24 11:47 -------- d-----w- c:\program files\Internet Download Manager
2010-09-24 07:45 . 2010-09-24 07:45 3951968 ----a-w- c:\programdata\avg9\update\backup\avguires.dll
2010-09-24 07:45 . 2010-09-24 07:45 2448224 ----a-w- c:\programdata\avg9\update\backup\avguiadv.dll
2010-09-24 07:45 . 2010-09-24 07:45 4100960 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-24 07:45 . 2010-09-24 07:45 2065760 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-09-24 07:45 . 2010-09-24 07:45 1278304 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-09-24 07:45 . 2010-09-24 07:45 1247584 ----a-w- c:\programdata\avg9\update\backup\avgabout.dll
2010-09-23 23:30 . 2010-09-23 23:30 108320 ----a-w- c:\programdata\Adobe\CS5\jre\bin\wsdetect.dll
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Roaming\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\users\Sharon\AppData\Local\kompozer.net
2010-09-23 09:11 . 2010-09-23 09:11 -------- d-----w- c:\program files\KompoZer
2010-09-23 08:22 . 2010-09-23 08:22 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 08:22 . 2010-09-23 08:22 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 08:22 . 2010-09-23 08:22 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 08:22 . 2010-09-23 08:22 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 08:22 . 2010-09-23 08:22 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 08:22 . 2010-09-23 08:22 2331032 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-09-23 08:22 . 2010-09-23 08:22 5649320 ----a-w- c:\programdata\avg9\update\backup\winspamcatcher.dll
2010-09-23 08:16 . 2010-09-23 08:16 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-16 08:53 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 08:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:38 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- c:\windows\system32\EventProviders
2010-09-08 07:33 . 2010-09-08 07:33 -------- d-----w- C:\16a39bb633013ebe82566fcf4f138f
2010-09-07 19:36 . 2010-06-02 09:28 865792 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-09-04 08:26 . 2010-08-30 13:33 43008 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-04 08:26 . 2010-08-30 13:33 338944 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-04 08:26 . 2010-08-30 13:33 346112 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-04 08:26 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 09:32 . 2009-04-07 23:04 -------- d-----w- c:\users\Sharon\AppData\Roaming\Skype
2010-09-30 08:57 . 2010-06-09 13:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-29 21:16 . 2009-05-27 16:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-24 16:19 . 2010-06-09 09:53 -------- d-----w- c:\users\Sharon\AppData\Roaming\DMCache
2010-09-23 23:37 . 2008-10-27 11:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-21 17:51 . 2010-07-12 15:56 452104 ----a-w- c:\users\Sharon\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-09-16 08:53 . 2008-10-27 11:23 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 08:53 . 2008-10-27 11:24 -------- d-----w- c:\program files\Java
2010-09-15 11:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-10 09:59 . 2010-06-16 19:47 6728 ----a-w- c:\users\Sharon\AppData\Local\d3d9caps.dat
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-08-09 21:51 . 2010-08-09 21:51 26694 ----a-r- c:\users\Sharon\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-08-09 21:51 . 2009-06-22 20:59 -------- d-----w- c:\program files\Google
2010-07-16 09:51 . 2010-04-23 13:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 09:51 . 2010-07-16 09:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 09:51 . 2010-04-23 13:07 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-16 09:49 . 2010-04-23 13:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 22:39 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-07-09 22:39 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-07-09 22:39 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2008-10-27 10:38 . 2008-10-27 10:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-16 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-23 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-23 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-09-23 2331544]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-16 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-16 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-16 27216]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\xbd54rir.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sharon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----


FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 10:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Sharon\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-30 10:45:07
ComboFix-quarantined-files.txt 2010-09-30 09:44
ComboFix2.txt 2010-09-29 23:12
ComboFix3.txt 2010-09-29 21:55
ComboFix4.txt 2010-09-24 22:55
ComboFix5.txt 2010-09-30 09:09

Pre-Run: 160,800,223,232 bytes free
Post-Run: 160,804,200,448 bytes free

- - End Of File - - 638A42404972BD125AA18D9DF9021296


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:49 PM

Posted 30 September 2010 - 06:15 PM

That did work.

One of the entries shows a program called ezSharedSvc. This is an Easybits program. Do you know this company, or have you heard of or used Magic Desktop or Skype Games?

Can you also tell me what browser or browsers you are using?
m0le is a proud member of UNITE

#15 sherry_d

sherry_d
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:49 PM

Posted 01 October 2010 - 03:36 AM

I have never heard of that company and I have not downloaded any games. My little girl occasionally uses it so perhaps she may have innocently downloaded it.

I use Firefox and on very rare occasions Internet Explorer. Since your instruction I have had a redirection and it looks like it's solved. I am really thankful for your help but I am just curious how I got the virus and how to prevent it. I use free AVG and is it really any good for protection?
