WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Infected computer

2 posters

descriptionInfected computer EmptyInfected computer29th October 2009, 5:34 pm

more_horiz
Earlier this morning I woke up and booted up the computer and found that with each hyperlink I clicked, I was being redirected to some search site. I ran Spybot and was able to eliminate the apparent virus, but was then left with some sort of "bad image" error and unable to open any sort of .exe. I visited some other boards and sites that recommended trying to input the filepath into the Run box, to no avail. Out of ideas, I decided to reboot. After my desktop and all of its icons loaded, I got a message that read

"Error loading C:\Users\Paul\ntuser.dll

C:\Users\Paul\ntuser.dll is not a valid Win32 application"

However, all the .exe files that were previously unable to be opened - I'll use iTunes as an example - opened fine without the previous "bad image" error. Any sort of help is GREATLY appreciated, as I'm at my wits end here. Goofy

descriptionInfected computer EmptyRe: Infected computer30th October 2009, 2:17 am

more_horiz
Hi. If you cannot download, then please try to download this on another computer and transfer it to the infected computer.

Please download ComboFix Infected computer Combofix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

descriptionInfected computer EmptyRe: Infected computer2nd November 2009, 5:29 pm

more_horiz
ComboFix 09-11-01.04 - paul 11/02/2009 11:14.1.4 - NTFSx86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1110 [GMT -6:00]
Running from: c:\users\paul\Desktop\commy.exe
Command switches used :: /stepdel
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2880161724-2229223639-655617677-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\oem3.inf
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2880161724-2229223639-655617677-500\desktop.ini
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\paul\ntuser.dll

----- BITS: Possible infected sites -----

hxxp://resources.zune.net
.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 17:22 . 2009-11-02 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-30 14:32 . 2009-10-30 14:32 -------- d-----w- c:\users\paul\AppData\Roaming\Uniblue
2009-10-30 14:32 . 2009-10-30 14:32 -------- d-----w- c:\program files\Uniblue
2009-10-22 16:13 . 2009-08-27 05:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-10-15 23:12 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 23:12 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 23:12 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 23:12 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 23:12 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 23:11 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 18:19 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-14 18:19 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-14 18:18 . 2009-10-14 18:18 -------- d-----w- c:\program files\iPod
2009-10-14 18:18 . 2009-10-14 18:19 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-14 15:23 . 2009-10-14 15:24 -------- d-----w- c:\program files\QuickTime
2009-10-12 13:06 . 2009-10-12 13:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-08 10:59 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-08 10:59 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-08 10:59 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-08 10:59 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-08 10:59 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-08 10:59 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-08 10:59 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-07 14:35 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-07 14:35 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-07 14:35 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-07 14:35 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 14:35 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-07 14:35 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-07 14:35 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 14:35 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-07 14:35 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 12:24 . 2009-01-24 16:06 -------- d-----w- c:\programdata\Google Updater
2009-10-30 22:03 . 2008-03-08 03:23 680 ----a-w- c:\users\paul\AppData\Local\d3d9caps.dat
2009-10-29 13:36 . 2008-03-08 13:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 02:52 . 2009-03-31 16:18 -------- d-----w- c:\programdata\Soulseek
2009-10-26 22:22 . 2008-03-07 02:35 4538 ----a-w- c:\users\paul\AppData\Roaming\wklnhst.dat
2009-10-14 19:26 . 2009-03-11 15:17 -------- d-----w- c:\users\paul\AppData\Roaming\Apple Computer
2009-10-14 18:19 . 2009-03-11 15:16 -------- d-----w- c:\program files\iTunes
2009-10-14 18:18 . 2009-03-11 15:11 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 12:55 . 2008-04-17 00:15 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-03 20:20 . 2008-03-05 00:19 -------- d-----w- c:\programdata\Roxio
2009-10-01 15:29 . 2009-10-03 11:32 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 02:09 . 2009-09-30 02:09 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-30 02:09 . 2009-09-30 02:09 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-26 21:25 . 2009-05-24 20:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SACore
2009-09-16 21:15 . 2009-09-16 21:12 -------- d-----w- c:\users\paul\AppData\Roaming\U3
2009-09-16 15:22 . 2009-05-24 20:05 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-05-24 20:05 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-05-24 20:05 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-03-25 16:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-05-24 20:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-15 23:31 . 2009-09-15 23:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-15 23:25 . 2009-09-15 23:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-15 23:25 . 2009-09-15 23:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-15 21:28 . 2008-12-20 22:04 -------- d-----w- c:\program files\Zune
2009-09-04 21:38 . 2008-03-08 13:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-04 18:17 . 2009-09-04 18:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-02 05:29 . 2009-09-02 05:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 05:29 . 2009-09-02 05:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 05:29 . 2009-09-02 05:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 05:29 . 2009-09-02 05:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 05:29 . 2009-09-02 05:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 05:29 . 2009-09-02 05:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-22 16:14 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-22 16:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-22 16:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 17:37 . 2009-08-17 17:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 17:37 . 2009-08-17 17:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-14 16:27 . 2009-09-09 23:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 23:01 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 23:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 23:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 23:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 23:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 23:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 23:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 23:01 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 23:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 23:01 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-20 03:27 . 2008-08-08 17:43 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-03-05 08:00 . 2008-03-05 07:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-14 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,3b,8e,0e,91,21,ca,01

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/24/2009 2:06 PM 203280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/8/2008 7:24 AM 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2008 8:02 PM 24652]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/4/2008 6:23 PM 30192]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\System32\drivers\ymidusbw.sys [3/31/2009 12:14 PM 32720]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-05 14:36]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2880161724-2229223639-655617677-1000Core.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-26 00:07]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2880161724-2229223639-655617677-1000UA.job
- c:\users\paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-26 00:07]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080305
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\xnub6zpc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\xnub6zpc.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\paul\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\xnub6zpc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\xnub6zpc.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\paul\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Winamp Toolbar for Firefox - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\xnub6zpc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 11:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2880161724-2229223639-655617677-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,9f,7f,67,f3,be,18,79,f6,70,7f,2f,6d,9e,04,fa,f8,8f,77,46,9e,
87,01,fb,9b,5b,75,77,20,f1,dc,cf,eb,c9,5b,c7,9e,50,d4,fd,43,a7,b7,fe,81,b0,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-02 11:25
ComboFix-quarantined-files.txt 2009-11-02 17:25

Pre-Run: 154,469,445,632 bytes free
Post-Run: 154,347,118,592 bytes free

- - End Of File - - 1341BCCD76D3F4D135062B94BF5DC7E5

descriptionInfected computer EmptyRe: Infected computer2nd November 2009, 7:27 pm

more_horiz
Infected computer Mbamicontw5 Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

descriptionInfected computer EmptyRe: Infected computer

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum