WiredWX Hobby Weather Tools

Computer Safety.

I just got my computer out of the shop. Now it is saying I have several viruses. Not sure what the deal with that is. I use Avast! and it just did a boot scan and found 5. Some were in Windows folders. It wouldn't repair them, and deleted them before letting me change the option. Here are some that I was able to write down before they were removed from the screen.

C:\Documents & Settings\Cattie\Local Settings\Temp\n.exn was infected with Win32:Vundo-HN (trojan)

C:\Windows\System32\trz22.tmp
C:\Windows\System32\trz23.tmp


Don't know what the last two were infected with. Is Avast! a good antivirus? Should I get a different one? Is there any way that maybe Avast! overlooks stuff? Because I did a full scan last night and nothing showed up. I just kind of wonder if maybe it was there and just didn't get found. Any help you may provide will be greatly appreciated.

Thanks,
Cattielbullard

Re: Computer Safety.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Computer Safety.

ComboFix 10-02-16.03 - Cattie 02/18/2010 3:51.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1560 [GMT -6:00]
Running from: c:\documents and settings\Cattie\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100218-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\jJ4j5yXbb.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\k0O4l6.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\k0P27.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\mbMkA7ya.jpg
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\41.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\helpers32.dll
c:\windows\system32\smss32.exe
c:\windows\system32\warnings.html
c:\windows\system32\winlogon32.exe
c:\windows\Tasks\mejlqfiv.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
hxxp://82.98.235.29
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 09:43 . 2010-02-18 09:43 1496576 ----a-w- c:\windows\system32\ES15.exe
2010-02-14 08:00 . 2010-02-14 08:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-14 08:00 . 2010-02-14 08:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-02-11 06:20 . 2010-02-11 06:20 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Mozilla
2010-02-05 18:15 . 2010-02-05 18:15 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Blizzard Entertainment
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\program files\Common Files\Stardock
2010-02-05 18:11 . 2010-02-05 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{41E8B74B-0559-4DF7-9B4B-5A5D5058F042}
2010-02-05 18:11 . 2009-10-22 19:37 3195360 -c--a-w- c:\documents and settings\All Users\Application Data\{41E8B74B-0559-4DF7-9B4B-5A5D5058F042}\MyColors.exe
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\program files\Stardock
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\PackageAware
2010-02-05 18:02 . 2010-02-05 18:02 -------- d-sh--w- c:\documents and settings\Cattie\IECompatCache
2010-02-05 18:01 . 2010-02-05 18:01 -------- d-sh--w- c:\documents and settings\Cattie\PrivacIE
2010-02-05 17:59 . 2010-02-18 09:56 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Deployment
2010-02-02 07:44 . 2010-02-02 07:45 -------- d-----w- c:\windows\system32\NtmsData
2010-01-29 16:19 . 2010-01-29 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\documents and settings\Cattie\Saved Games
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2010-01-27 05:36 . 2010-02-16 17:51 -------- d-----w- c:\program files\att games
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-26 21:17 . 2010-01-26 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-25 12:14 . 2010-01-25 12:14 -------- d-----w- c:\program files\Turbo Tax Audit Support Center
2010-01-25 12:02 . 2010-01-25 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2010-01-25 12:01 . 2010-01-25 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-25 12:00 . 2010-01-25 12:03 137397 ----a-w- c:\windows\HPHins15.dat
2010-01-25 12:00 . 2007-08-28 21:16 2828 ------w- c:\windows\hphmdl15.dat
2010-01-25 11:55 . 2010-01-25 12:35 -------- d-----w- c:\temp\FixEngine
2010-01-25 11:55 . 2010-01-25 11:55 -------- d-----w- C:\temp
2010-01-23 07:49 . 2010-01-23 22:04 -------- d-----w- c:\program files\World of Warcraft Public Test

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 09:27 . 2010-01-16 05:59 384384 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-17 14:14 . 2009-07-01 05:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 18:52 . 2009-03-28 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-14 07:20 . 2010-02-14 07:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-14 07:20 . 2010-02-11 06:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-13 19:17 . 2009-10-11 05:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 06:24 . 2010-02-11 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-11 06:24 . 2010-02-11 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-05 22:22 . 2010-01-16 00:28 -------- d-----w- c:\program files\World of Warcraft
2010-02-05 17:59 . 2010-02-04 16:03 61152 ----a-w- c:\documents and settings\Cattie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 16:03 . 2010-02-04 16:03 -------- d-----w- c:\documents and settings\Cattie\Application Data\Malwarebytes
2010-02-01 00:49 . 2009-09-28 09:08 61152 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 12:02 . 2008-07-12 19:23 -------- d-----w- c:\program files\HP
2010-01-25 12:01 . 2008-07-12 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-23 08:05 . 2010-01-15 17:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-19 01:09 . 2010-01-19 01:09 -------- d-----w- c:\program files\Ventrilo
2010-01-19 01:08 . 2010-01-19 01:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 06:00 . 2010-01-16 05:57 -------- d-----w- c:\program files\Google
2010-01-16 02:45 . 2010-01-16 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-01-15 22:00 . 2009-03-27 10:26 -------- d-----w- c:\program files\Electronic Arts
2010-01-15 17:50 . 2010-01-15 17:50 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 17:32 . 2010-01-15 17:32 -------- d-----w- c:\program files\Alwil Software
2010-01-15 17:27 . 2010-01-15 17:23 -------- d-----w- c:\program files\2Wire
2010-01-15 17:25 . 2008-04-23 21:27 -------- d-----w- c:\program files\Yahoo!
2010-01-15 17:25 . 2008-04-23 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 00:53 . 2010-01-12 05:49 -------- d-----w- c:\program files\Crystalize
2010-01-15 00:53 . 2009-10-21 19:08 -------- d-----w- c:\program files\Selectsoft
2010-01-12 05:16 . 2010-01-12 05:16 -------- d-----w- c:\program files\Common Files\Nova Development
2010-01-12 05:15 . 2010-01-12 05:15 -------- d-----w- c:\program files\Nova Development
2010-01-09 05:49 . 2008-06-19 16:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
2010-01-09 04:52 . 2009-08-18 18:32 -------- d-----w- c:\program files\BFG
2010-01-09 04:23 . 2009-09-28 13:59 -------- d-----w- c:\program files\Perfect World Entertainment
2010-01-09 04:07 . 2009-07-11 20:31 815648 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 04:07 . 2009-07-11 20:31 53468 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 04:07 . 2009-07-11 20:31 45312544 -csha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-09 04:07 . 2009-07-11 20:31 389228 -csha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 04:07 . 2009-09-28 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Verizon
2010-01-07 22:07 . 2009-10-11 05:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-10-11 05:24 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 23:23 . 2009-10-27 23:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-31 16:50 . 2004-08-10 17:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 17:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 17:51 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 17:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2010-01-15 17:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2010-01-15 17:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2010-01-15 17:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2010-01-15 17:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2010-01-15 17:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2010-01-15 17:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2010-01-15 17:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2010-01-15 17:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2010-01-15 17:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2004-08-10 17:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
1601-01-01 00:03 . 1601-01-01 00:03 62464 --sha-w- c:\windows\system32\fiwolega.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-23 98304]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

c:\documents and settings\Cattie\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-5 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 15:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-23 21:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/15/2010 11:32 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/15/2010 11:32 AM 20560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-02-14 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://www.google.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {44EFEC5D-1C0D-466E-AD76-C26DAC4AB301} = 83.149.115.157,4.2.2.1,192.168.1.254
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Cattie\Application Data\Mozilla\Firefox\Profiles\3hnzx6be.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
MSConfigStartUp-AntiSpyware Service - c:\docume~1\CATTIE~1\LOCALS~1\Temp\mrxbewlfp.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1208986487\EE\AOLHostManager.exe
MSConfigStartUp-pebjqirm - c:\documents and settings\Cattie Bullard\Local Settings\Application Data\yevshm\jcymsftav.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe
MSConfigStartUp-Windows System Recover! - c:\docume~1\CATTIE~1\LOCALS~1\Temp\smss.exe
MSConfigStartUp-Zboard - c:\program files\Ideazon\ZEngine\Zboard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 03:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\Stardock\MyColors\fastload.dll

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
.
**************************************************************************
.
Completion time: 2010-02-18 04:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 10:00
ComboFix2.txt 2009-10-11 03:57
ComboFix3.txt 2009-10-11 02:17

Pre-Run: 110,098,255,872 bytes free
Post-Run: 110,075,699,200 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=2 Sets=1,2,5,6
- - End Of File - - 292DE6CF452E0B4DB072A2366E088A97
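The log above carries several classic rogue-antivirus indicators in one place: look-alike system binaries in system32 (smss32.exe, winlogon32.exe), autostart entries pointing into the user's Temp folder, IE Trusted Zone additions for the rogue's sales and download domains, Security Center and firewall overrides, BITS jobs fetching from bare IP addresses, a file with a zeroed (1601-01-01) timestamp and a non-private first DNS server. The script below is an added example for this thread, not part of ComboFix and not the poster's code: it runs simple detection rules over a constructed excerpt that quotes lines from the log above. The indicator names, the list of core Windows process names, the expected directories and the heuristics are this example's own assumptions.

```python
"""Triage a ComboFix-style log for indicators a rogue-antivirus infection leaves.

Added example for this thread; not ComboFix's code. SAMPLE_LOG is a constructed
excerpt quoting lines from the posted log; rules and name lists are assumptions.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
c:\windows\system32\smss32.exe
c:\windows\system32\winlogon32.exe
----- BITS: Possible infected sites -----
hxxp://77.74.48.111
hxxp://82.98.235.29
.
1601-01-01 00:03 . 1601-01-01 00:03 62464 --sha-w- c:\windows\system32\fiwolega.dll
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
Trusted Zone: buy-security-essentials.com
TCP: {44EFEC5D-1C0D-466E-AD76-C26DAC4AB301} = 83.149.115.157,4.2.2.1,192.168.1.254
HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
MSConfigStartUp-AntiSpyware Service - c:\docume~1\CATTIE~1\LOCALS~1\Temp\mrxbewlfp.exe
MSConfigStartUp-Windows System Recover! - c:\docume~1\CATTIE~1\LOCALS~1\Temp\smss.exe
"""

# Core Windows process names that malware imitates (assumed list for this example).
CORE_NAMES = {"smss", "csrss", "winlogon", "lsass", "services", "svchost", "explorer"}
# Directories where a file carrying one of those names is expected to live.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows"}
PATH_RE = re.compile(r'c:\\[^\s"]+', re.IGNORECASE)
OVERRIDE_RE = re.compile(r'"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"=\s*0\b')


def lookalike(path):
    """Reason string if the file name imitates a core binary, else None."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.rpartition(".")
    if ext not in ("exe", "dll"):
        return None
    base = stem.rstrip("0123456789")          # smss32 -> smss
    if base not in CORE_NAMES:
        return None
    if stem != base:
        return f"{name}: core name '{base}' with a numeric suffix"
    parent = path.lower().rsplit("\\", 1)[0]
    if parent not in EXPECTED_DIRS:           # e.g. smss.exe started from Temp
        return f"{name}: core name outside its normal Windows directory"
    return None


def triage(log_text):
    """Return {indicator: [unique values]} for the indicators found in log_text."""
    findings = defaultdict(list)

    def add(key, value):
        if value not in findings[key]:
            findings[key].append(value)

    in_bits = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("----- BITS"):
            in_bits = True
            continue
        if line == ".":                       # ComboFix closes a section with a lone dot
            in_bits = False
            continue
        if in_bits and line.lower().startswith("hxxp://"):
            add("bits_job_url", line)         # BITS download jobs pulling from bare IPs
        elif line.startswith("Trusted Zone:"):
            add("trusted_zone", line.split(":", 1)[1].strip())   # IE trusted-zone additions
        elif line.startswith("TCP:"):         # per-interface NameServer list
            for ip in line.split("=", 1)[1].split(","):
                try:
                    if not ipaddress.ip_address(ip.strip()).is_private:
                        add("public_dns_server", ip.strip())
                except ValueError:
                    pass
        elif OVERRIDE_RE.match(line):         # Security Center told to stop monitoring
            add("security_center_override", OVERRIDE_RE.match(line).group(1))
        elif FIREWALL_OFF_RE.match(line):
            add("firewall_disabled", line)
        elif line.startswith("1601-01-01"):   # zero FILETIME: timestamp wiped or forged
            for path in PATH_RE.findall(line):
                add("zero_timestamp", path)
        else:
            for path in PATH_RE.findall(line):
                reason = lookalike(path)
                if reason:
                    add("lookalike_binary", reason)
                if "\\temp\\" in path.lower() and line.startswith(("HK", "MSConfigStartUp")):
                    add("autostart_from_temp", path)
    return dict(findings)


if __name__ == "__main__":
    for key, values in triage(SAMPLE_LOG).items():
        print(key, values)
```

The public DNS entries are reported for checking, not judged: 4.2.2.1 is a well-known public resolver, while a first nameserver the user did not configure is worth confirming against the router's settings. The Trusted Zone domains and the Security Center overrides are the strongest signals here, because ordinary software has no reason to set either.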

Re: Computer Safety.

Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.

Re: Computer Safety.

I downloaded TFC by OldTimer but wasn't able to run it. I am running Windows XP. This is the error message I am getting.


C:\Documents and Settings\Cattie\Desktop\TFC.exe

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

But I should be able to run it, considering I am the only user. Should I attempt to run as administrator? It asks for a password, but there was never a password put on that, right?

Re: Computer Safety.

Try MBAM first.

Re: Computer Safety.

Malwarebytes' Anti-Malware 1.44
Database version: 3758
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2010 2:34:54 AM
mbam-log-2010-02-19 (02-34-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 172816
Time elapsed: 33 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\helpers32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000266.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
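Both hits in this MBAM log are copies rather than running files: one is ComboFix's own quarantine (the `C:\Qoobox\Quarantine\<drive>\...` layout with a `.vir` suffix, visible in the path itself) and the other is a System Restore point snapshot. The parser below is an added example for this thread, not MBAM's code; it classifies each "Files Infected" line by location so that re-detections of already-quarantined material are not mistaken for an active infection. The sample log is a constructed excerpt quoting the two lines above, and the location labels are this example's own.

```python
r"""Classify the file hits in a Malwarebytes' Anti-Malware log by where each file lived.

Added example for this thread, not MBAM's code. SAMPLE_MBAM_LOG is a constructed
excerpt quoting the posted "Files Infected" lines; the location labels and the
ComboFix quarantine layout (C:\Qoobox\Quarantine\<drive>\..., ".vir" suffix) are
assumptions read off the paths themselves.
"""
import re

SAMPLE_MBAM_LOG = r"""
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\helpers32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000266.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# path (threat) -> action
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\")


def classify(path):
    """Return (location, original_path) for one hit path."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIX):
        # ComboFix stores <drive>\<rest of path> under Quarantine and appends .vir;
        # undo both to recover where the file originally sat.
        rest = path[len(QUARANTINE_PREFIX):]
        drive, _, tail = rest.partition("\\")
        original = f"{drive}:\\{tail}"
        if original.lower().endswith(".vir"):
            original = original[:-4]
        return "combofix_quarantine", original
    if RESTORE_RE.search(low):
        return "restore_point", path      # snapshot kept by System Restore, not the live file
    return "live", path


def parse_hits(log_text):
    """Parse every 'path (threat) -> action' line into a dict with its location class."""
    hits = []
    for raw in log_text.splitlines():
        m = HIT_RE.match(raw.strip())
        if not m:
            continue
        location, original = classify(m["path"])
        hits.append({"path": m["path"], "threat": m["threat"], "action": m["action"],
                     "location": location, "original": original})
    return hits


def live_hits(log_text):
    """Only the hits that were still in their original place when MBAM ran."""
    return [h for h in parse_hits(log_text) if h["location"] == "live"]


if __name__ == "__main__":
    for hit in parse_hits(SAMPLE_MBAM_LOG):
        print(hit["location"], hit["threat"], hit["original"])
```

An empty `live_hits` result, as here, means MBAM found nothing new outside quarantine and restore points; the quarantined original path (`C:\WINDOWS\system32\helpers32.dll`) matches the file ComboFix had already removed.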

Re: Computer Safety.

Now SUPERAntiSpyware and ESET, please.

Re: Computer Safety.

Still with us? If so, please do the following:

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.
