WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Antivirus The shield deluxe 2010

2 posters

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 20109th April 2010, 11:01 pm

more_horiz
ComboFix 10-04-08.06 - Owner 04/09/2010 18:23:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.148 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\documents and settings\Owner\Shortcut to .360Share.lnk
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-5-21-149320165-2150893164-3376811988-1003
c:\windows\eSellerateEngine.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\csftxctl.ocx
c:\windows\system32\dakomira.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\gokehama.dll
c:\windows\system32\guniyiyu.dll
c:\windows\system32\hafatipo.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\jonefede.dll
c:\windows\system32\kakijigu.dll
c:\windows\system32\lilawaka.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sujegaru.dll
c:\windows\system32\tikiyabu.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wiwirira.dll
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yegusaso.dll
c:\windows\system32\zeyoheko.dll
c:\windows\system32\zlibwapi.dll
c:\windows\Tasks\kobwvkgb.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-08 23:23 . 2010-04-08 23:23 -------- d-----w- C:\_OTS
2010-04-07 01:52 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 01:52 . 2010-04-07 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 01:52 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 00:13 . 2010-04-05 00:14 -------- d-----w- c:\program files\Veetle
2010-03-11 14:26 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 22:41 . 2008-05-21 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-04-09 22:41 . 2009-11-14 02:16 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-08 22:44 . 2008-11-07 21:44 -------- d-----w- c:\program files\McAfee
2010-04-08 22:05 . 2006-07-19 00:23 2169 --sha-w- c:\windows\system32\mmf.sys
2010-04-06 20:04 . 2007-11-15 01:14 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-04-02 23:24 . 2010-01-08 00:44 -------- d-----w- c:\program files\High Achiever Grammar
2010-03-01 13:37 . 2008-08-12 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-25 18:12 . 2010-02-25 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony Corporation
2010-02-25 18:10 . 2010-02-25 18:10 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-02-25 18:10 . 2010-02-25 18:00 -------- d-----w- c:\program files\Sony
2010-02-25 06:24 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-11 16:40 . 2005-06-09 19:36 119776 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 21:36 . 2010-01-06 21:36 96256 --sha-w- c:\windows\system32\jolaneki.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 2559488]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"HostManager"="c:\program files\Common Files\AOL\1127605169\ee\AOLSoftware.exe" [2006-09-26 50736]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-11-16 2065648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-17 198160]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\aim6.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 12:12 PM 14336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
S2 0173251270766774mcinstcleanup;McAfee Application Installer Cleanup (0173251270766774);c:\windows\TEMP\017325~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017325~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe --> c:\windows\runservice.exe [?]
S3 CA500AI;D-Link, WDM Still Image Capture, Version 1.00;c:\windows\system32\Drivers\MinBULK.sys --> c:\windows\system32\Drivers\MinBULK.sys [?]
S3 CA500AV;D-Link, WDM Video Capture;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: &AOL Email Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: west.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: workathomeagent.com
Trusted Zone: workathomeagent.net
Trusted Zone: workathomeagent.net\connect
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab
DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://p.playfirst.com/play/game/fitness-dash/FitnessDashWeb.1.0.0.11.cab
DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images/global/activex/SFImageUpload1_4.CAB
DPF: {E9B80D94-D8BB-43CC-9138-75605A8D9666} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.50.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://p.playfirst.com/play/game/parking-dash/parkingdash.1.0.0.15.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee1z34lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37563/aol/en-us/Suite.aspx
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{ca3a50d1-1be1-452e-9cea-1122de2dd222} - jonefede.dll
HKCU-Run-EzineExpress - c:\documents and settings\Owner\My Documents\LivingBooksEXPRESS.exe
HKCU-Run-I&F Viewer toolbar - c:\program files\Photo Toolkit\ivbar\phototoolkitmem.exe
HKLM-Run-mavuzodoja - sujegaru.dll
HKLM-Run-saboyefif - c:\windows\system32\lilawaka.dll
SharedTaskScheduler-{3ef97252-4f50-49cc-9af3-70a432956dd6} - c:\windows\system32\jileyemu.dll
SharedTaskScheduler-{a593689c-68a6-451c-992f-5120ff944842} - c:\windows\system32\lilawaka.dll
SSODL-nuwipufuh-{3ef97252-4f50-49cc-9af3-70a432956dd6} - c:\windows\system32\jileyemu.dll
SSODL-zizovikaf-{a593689c-68a6-451c-992f-5120ff944842} - c:\windows\system32\lilawaka.dll
AddRemove-Game Console - WildGames - c:\program files\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-WildTangent wildgames Master Uninstall - c:\program files\WildGames\Uninstall.exe
AddRemove-WT060144 - c:\program files\WildGames\Penguins!\Uninstall.exe
AddRemove-WT064234 - c:\program files\WildGames\Sportball Challenge\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:ec,dc,99,df,a4,fc,c3,72
"3"=hex:0b,27,90,2f,eb,78,a8,c3,e6,d7,db,d5,1a,87,7f,00,73,26,ea,ff,c2,2a,a3,
11,f3,6e,98,59,87,03,79,7c,fc,14,fb,79,e5,20,c2,ea,32,cc,99,7a,d7,7c,55,15,\
"4"=hex:3d,90,51,aa,32,34,90,25
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:3d,7b,8c,93,7f,aa,3a,8c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
c:\program files\Brother\Brmfl06a\FAXRX.exe
c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\aol\1127605169\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
.
**************************************************************************
.
Completion time: 2010-04-09 19:01:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-09 23:01

Pre-Run: 104,205,504,512 bytes free
Post-Run: 104,006,688,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5EF33DE22D939ABA9480A241E4EEB888

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201010th April 2010, 4:03 am

more_horiz
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    c:\windows\system32\jolaneki.dll

    DDS::
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    Trusted Zone: west.com
    Trusted Zone: windowsupdate.com\download
    Trusted Zone: workathomeagent.com
    Trusted Zone: workathomeagent.net
    Trusted Zone: workathomeagent.net\connect

    Rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    Antivirus The shield deluxe 2010 - Page 1 2v3rg44

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201010th April 2010, 3:54 pm

more_horiz
ComboFix 10-04-09.06 - Owner 04/10/2010 11:30:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.228 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\jolaneki.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jolaneki.dll
c:\windows\Temp\0318511270911703mcinst.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-08 23:23 . 2010-04-08 23:23 -------- d-----w- C:\_OTS
2010-04-07 01:52 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 01:52 . 2010-04-07 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 01:52 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 00:13 . 2010-04-05 00:14 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 15:42 . 2009-11-14 02:16 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-10 15:42 . 2008-05-21 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-04-09 14:23 . 2010-03-27 13:46 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-04-08 22:44 . 2008-11-07 21:44 -------- d-----w- c:\program files\McAfee
2010-04-08 22:05 . 2006-07-19 00:23 2169 --sha-w- c:\windows\system32\mmf.sys
2010-04-06 20:04 . 2007-11-15 01:14 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-04-02 23:24 . 2010-01-08 00:44 -------- d-----w- c:\program files\High Achiever Grammar
2010-03-01 13:37 . 2008-08-12 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-25 18:12 . 2010-02-25 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony Corporation
2010-02-25 18:10 . 2010-02-25 18:10 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-02-25 18:10 . 2010-02-25 18:00 -------- d-----w- c:\program files\Sony
2010-02-25 06:24 . 2004-08-26 16:12 916480 ------w- c:\windows\system32\wininet.dll
2010-01-11 16:40 . 2005-06-09 19:36 119776 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 16:02 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 2559488]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"HostManager"="c:\program files\Common Files\AOL\1127605169\ee\AOLSoftware.exe" [2006-09-26 50736]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-11-16 2065648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-17 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl06a\FAXRX.exe [2007-9-30 499712]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2009-5-9 942592]
Seagate 2GEXMLG7 Product Registration.lnk - c:\documents and settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GEXMLG7 Product Registration.exe [2009-12-31 1731736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127605169\\ee\\aim6.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 12:12 PM 14336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
S2 0318511270911703mcinstcleanup;McAfee Application Installer Cleanup (0318511270911703);c:\windows\TEMP\031851~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\031851~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe --> c:\windows\runservice.exe [?]
S3 CA500AI;D-Link, WDM Still Image Capture, Version 1.00;c:\windows\system32\Drivers\MinBULK.sys --> c:\windows\system32\Drivers\MinBULK.sys [?]
S3 CA500AV;D-Link, WDM Video Capture;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: &AOL Email Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab
DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://p.playfirst.com/play/game/fitness-dash/FitnessDashWeb.1.0.0.11.cab
DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images/global/activex/SFImageUpload1_4.CAB
DPF: {E9B80D94-D8BB-43CC-9138-75605A8D9666} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.50.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://p.playfirst.com/play/game/parking-dash/parkingdash.1.0.0.15.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee1z34lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/37563/aol/en-us/Suite.aspx
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 11:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:ec,dc,99,df,a4,fc,c3,72
"3"=hex:0b,27,90,2f,eb,78,a8,c3,e6,d7,db,d5,1a,87,7f,00,73,26,ea,ff,c2,2a,a3,
11,f3,6e,98,59,87,03,79,7c,fc,14,fb,79,e5,20,c2,ea,32,cc,99,7a,d7,7c,55,15,\
"4"=hex:3d,90,51,aa,32,34,90,25
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:3d,7b,8c,93,7f,aa,3a,8c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1127605169\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
.
**************************************************************************
.
Completion time: 2010-04-10 11:52:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 15:52
ComboFix2.txt 2010-04-09 23:01

Pre-Run: 103,948,922,880 bytes free
Post-Run: 103,910,719,488 bytes free

- - End Of File - - 880A99C9C636B08057D238826532870C

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201010th April 2010, 6:37 pm

more_horiz
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201010th April 2010, 9:51 pm

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=53fc7e83e840904ebb14e65be92f6953
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-10 09:42:20
# local_time=2010-04-10 05:42:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 0 22937829 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=123378
# found=18
# cleaned=18
# scan_time=6636
C:\Qoobox\Quarantine\C\WINDOWS\system32\dakomira.dll.vir a variant of Win32/Adware.SuperJuan.U application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\gokehama.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\guniyiyu.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\hafatipo.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\jolaneki.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\jonefede.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\sujegaru.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiwirira.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\yegusaso.dll.vir a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\zeyoheko.dll.vir a variant of Win32/Adware.SuperJuan.U application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000059.dll a variant of Win32/Adware.SuperJuan.U application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000061.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000062.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000072.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000077.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000079.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000080.dll a variant of Win32/Adware.SuperJuan.U application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP4\A0000431.dll a variant of Win32/Kryptik.DNI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201011th April 2010, 9:26 am

more_horiz
Luckily those threats are in contained areas, System Restore and ComboFix quarantine. Let's clean up, your logs are clean.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201012th April 2010, 1:59 am

more_horiz
Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
Common Files Verizon Online ConnMgr cmisrv.exe
Common Files Verizon Online AppMgr vzOpenUIServer.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201012th April 2010, 2:04 am

more_horiz
I will be updating all programs after I know that the comp is clean. Also what virus/spy ware program do you recommend?

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201012th April 2010, 3:28 am

more_horiz
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201012th April 2010, 1:31 pm

more_horiz
I am interested in joining the academy, where should I go to sign up?

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201012th April 2010, 2:22 pm

more_horiz
Look here: http://www.GeekPolice.net/virus-spyware-malware-removal-f11/do-you-want-to-learn-how-to-fight-malware-join-GeekPolice-academy-t17111.htm

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201013th April 2010, 11:58 am

more_horiz
I have no more questions. Thank you very much for helping me.

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 201013th April 2010, 4:11 pm

more_horiz
You're welcome.

descriptionAntivirus The shield deluxe 2010 - Page 1 EmptyRe: Antivirus The shield deluxe 2010

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum