JS/Generic



JS/Generic

Post by TDKnite on Thu 18 Mar 2010, 11:30 am

I have the same issue as the member that posted [You must be registered and logged in to see this link.], but I'm running Windows XP.
My AVG Free software continually finds and removes a file called 200.js which it says is infected by a virus called JS/Generic from my C drive directory; the file goes away, but something is obviously bringing it back over and over again.

Please guide me through the steps I need to take to get rid of whatever it is that is causing this problem. Thanks very much ahead of time for helping out!

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP


Re: JS/Generic

Post by chiaz on Thu 18 Mar 2010, 9:55 pm

Hi TDKnite,
Welcome.

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


Please download DDS and save it to your desktop from any of these links:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Your antivirus software might question the file. If it does, allow it.


  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished, DDS.txt will open
  • A short while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
Copy and paste the DDS.txt in your reply.

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista


Re: JS/Generic

Post by TDKnite on Thu 18 Mar 2010, 11:22 pm

Thank you very much for your time. Here's DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 9:17:51.67 on 03/18/2010 Thu
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.894.305 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\mshta.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page =
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {87b39588-5a6d-466d-abe5-1ef3e113f0e7} - c:\windows\system32\cnetcf.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {c5850c95-19ec-4721-9c26-9038fb726f26} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /1
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\documents and settings\hp_owner\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Search - ?p=ZTYYYYYYYYUS
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - [You must be registered and logged in to see this link.]
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - [You must be registered and logged in to see this link.]
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: biosyer - biosyer.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system32\srr
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\o43jd9p5.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\o43jd9p5.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-23 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-23 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-23 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-12 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-12 112936]

============== File Associations ===============

.txt=

=============== Created Last 30 ================


==================== Find3M ====================

2010-03-15 21:12:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 19:15:00 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:14:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 20:57:18 9766 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2010-02-24 23:55:05 88 --sh--r- c:\docume~1\alluse~1\applic~1\2434D1AF02.sys
2010-02-24 23:55:05 1890 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-05 05:37:07 245760 ----a-w- c:\windows\system32\Flux.scr
2007-07-12 23:30:49 88 --sh--r- c:\windows\system32\DC5C266260.sys
2007-07-12 23:30:49 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-18 17:31:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091820090919\index.dat
2009-09-19 14:10:30 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-19 14:10:30 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-19 14:10:30 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:18:54.31 ===============

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP


Re: JS/Generic

Post by chiaz on Thu 18 Mar 2010, 11:35 pm

OK, please now download Malwarebytes' Anti-Malware by clicking the link below:
[You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista


Re: JS/Generic

Post by TDKnite on Fri 19 Mar 2010, 1:12 am

MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3880
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/18/2010 10:11:59 AM
mbam-log-2010-03-18 (10-11-59).txt

Scan type: Quick Scan
Objects scanned: 153632
Time elapsed: 14 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix.txt:
ComboFix 10-03-17.07 - HP_Owner 8/2010 Thu 10:44:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.894.448 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\S-1-5-21-49000339-2789917115-1880317734-1003
c:\windows\expert
c:\windows\expert\XSNCR.INI
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\ps2.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-18 13:53 . 2010-03-18 13:53 -------- d-----w- C:\WTablet
2010-03-16 15:36 . 2010-03-16 15:36 -------- d-----w- c:\program files\iPod
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\program files\iTunes
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 15:35 . 2010-03-16 15:35 -------- d-----w- c:\program files\Bonjour
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\program files\Apple Software Update
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\documents and settings\Mom-mom\Local Settings\Application Data\Apple
2010-03-16 15:32 . 2010-03-16 15:36 -------- d-----w- c:\program files\Common Files\Apple
2010-03-14 22:58 . 2010-03-15 00:13 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTouch
2010-03-13 16:20 . 2010-03-15 17:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-13 03:21 . 2010-03-17 04:22 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTablet
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\program files\Corel
2010-03-12 19:36 . 2010-03-18 14:56 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTablet
2010-03-12 19:36 . 2010-03-12 23:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTouch
2010-03-12 19:36 . 2009-07-15 16:13 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-12 19:14 . 2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-21 05:39 . 2010-02-21 05:39 83648 ----a-w- c:\windows\system\KNPS.DLL
2010-02-21 05:39 . 2010-02-21 05:39 30544 ----a-w- c:\windows\system\DIB.DRV
2010-02-21 05:39 . 2010-02-21 05:39 55136 ----a-w- c:\windows\system\KNPG.DLL
2010-02-20 04:35 . 2010-02-20 04:35 -------- d-----w- c:\program files\Pidgin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 13:52 . 2009-09-19 19:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 03:54 . 2009-07-23 04:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\.purple
2010-03-18 03:47 . 2009-12-06 04:44 0 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\prvlcl.dat
2010-03-18 03:10 . 2010-03-18 03:10 2157 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-03-18 02:44 . 2010-03-18 02:44 2145 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-03-18 01:15 . 2010-03-18 01:15 1065 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\gmail.com
2010-03-18 01:15 . 2010-03-18 01:15 1089 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2010-03-18 01:15 . 2010-03-18 01:15 2095 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-03-16 21:35 . 2010-02-13 22:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\foobar2000
2010-03-16 16:10 . 2005-07-21 05:00 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-03-16 15:50 . 2005-07-21 18:54 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\Apple Computer
2010-03-16 15:49 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\Mom-mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 15:34 . 2009-12-12 05:23 -------- d-----w- c:\program files\QuickTime Alternative
2010-03-16 15:34 . 2005-06-16 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-15 21:13 . 2010-03-15 21:13 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcp71.dll
2010-03-15 21:13 . 2010-03-15 21:13 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\jmc.dll
2010-03-15 21:13 . 2010-03-15 21:13 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcr71.dll
2010-03-15 21:13 . 2010-03-15 21:13 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-sse.dll
2010-03-15 21:13 . 2010-03-15 21:13 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-d3d.dll
2010-03-15 21:12 . 2009-02-12 14:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 21:01 . 2005-06-16 19:16 -------- d-----w- c:\program files\Java
2010-03-15 04:21 . 2010-03-15 04:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-15 02:58 . 2010-03-15 02:58 348160 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcr71.dll
2010-03-15 02:58 . 2010-03-15 02:58 503808 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcp71.dll
2010-03-15 02:58 . 2010-03-15 02:58 499712 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\jmc.dll
2010-03-15 02:58 . 2010-03-15 02:58 61440 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-sse.dll
2010-03-15 02:58 . 2010-03-15 02:58 12800 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-d3d.dll
2010-03-14 16:42 . 2010-03-14 16:42 2165 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-03-12 20:52 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 20:52 . 2007-07-12 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Corel
2010-03-12 19:36 . 2010-03-12 19:36 -------- d-----w- c:\program files\WTouch
2010-03-12 19:36 . 2010-03-12 19:35 -------- d-----w- c:\program files\Tablet
2010-03-12 19:15 . 2010-03-12 19:15 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 19:15 . 2010-03-12 19:15 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 19:15 . 2010-03-12 19:15 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 19:15 . 2009-07-23 16:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:14 . 2009-07-23 16:50 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 19:14 . 2009-07-23 16:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 20:52 . 2005-06-16 19:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 20:57 . 2005-08-18 00:26 9766 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-03-07 18:24 . 2009-09-24 01:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Dropbox
2010-03-07 18:23 . 2009-09-24 01:16 91696 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Uninstall.exe
2010-03-07 18:22 . 2010-03-07 18:22 13264416 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
2010-02-24 23:55 . 2009-12-07 06:11 88 --sh--r- c:\documents and settings\All Users\Application Data\2434D1AF02.sys
2010-02-24 23:55 . 2009-12-07 06:11 88 --sh--r- c:\documents and settings\All Users\Application Data\2434D1AF02.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-23 20:42 . 2006-02-08 16:09 -------- d-----w- c:\program files\Watchtower
2010-02-19 02:50 . 2007-08-22 15:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtk-2.0
2010-02-15 22:41 . 2010-02-15 22:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 22:31 . 2010-02-13 22:31 -------- d-----w- c:\program files\foobar2000
2010-02-13 18:48 . 2006-11-12 19:42 -------- d--h--r- c:\documents and settings\HP_Owner\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:57 -------- d-----w- c:\program files\Yahoo!
2010-02-13 18:44 . 2009-04-12 17:34 -------- d-----w- c:\program files\Pando Networks
2010-02-13 18:29 . 2005-06-16 19:53 -------- d-----w- c:\program files\Easy Internet signup
2010-02-13 01:05 . 2010-02-13 01:05 -------- d-----w- c:\program files\Livestream Procaster
2010-02-11 01:55 . 2008-02-29 20:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2010-02-08 22:49 . 2009-08-24 21:45 -------- d-----w- c:\program files\LMMS 0.4.5
2010-02-08 22:48 . 2010-02-08 22:48 -------- d-----w- c:\program files\LMMS 0.4.6
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab
2010-01-29 21:03 . 2009-05-21 18:21 1025536 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Temp.exe
2010-01-29 21:03 . 2008-12-19 16:18 106496 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Installer.exe
2010-01-29 21:03 . 2008-11-02 13:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Scirra
2010-01-20 01:50 . 2008-06-02 03:41 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2
2010-01-20 01:49 . 2008-06-02 03:41 1 ----a-w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-07 20:07 . 2009-09-19 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-09-19 19:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:37 . 2005-03-20 20:15 245760 ----a-w- c:\windows\system32\Flux.scr
2010-01-04 22:50 . 2009-11-27 01:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 22:36 . 2009-12-27 22:36 73728 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\OpenAL32.dll
2009-12-27 22:36 . 2009-12-27 22:36 45056 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\joal_native.dll
2009-12-27 22:36 . 2009-12-27 22:36 409600 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\wrap_oal.dll
2007-07-12 23:30 . 2007-07-12 23:30 88 --sh--r- c:\windows\system32\DC5C266260.sys
2007-07-12 23:30 . 2007-07-12 23:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 04:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-01-06 3552256]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-10-08 198144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-16 180269]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-9-20 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2009-12-17 20:44 6477088 ----a-w- c:\program files\Livestream Procaster\Procaster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\new indie\\vanpri101\\ヴァンガードプリンセス\\LunaPort.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Documents and Settings\\HP_Owner\\My Documents\\Webby Fun\\nvu-1.0\\nvu.exe"=
"c:\\Program Files\\WorldOfGoo\\WorldOfGoo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\doujin\\AkatsukiBK\\Akatsuki BK\\akatsukibk.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\Guilty_Gear_XX_Reload\\Guilty_Gear_XX_Reload\\ggxx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:login-server_sql
"6121:TCP"= 6121:TCP:char-server_sql
"5121:TCP"= 5121:TCP:map-server_sql
"7500:UDP"= 7500:UDP:Lunaport
"1110:TCP"= 1110:TCP:Wanderlust
"1110:UDP"= 1110:UDP:Wanderlust

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/26/2009 9:44 PM 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/23/2009 12:50 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/23/2009 12:50 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 3:14 PM 308064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/12/2010 3:35 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [3/12/2010 3:36 PM 112936]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

BHO-{87B39588-5A6D-466D-ABE5-1EF3E113F0E7} - c:\windows\system32\cnetcf.dll
BHO-{c5850c95-19ec-4721-9c26-9038fb726f26} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-biosyer - biosyer.dll
Notify-dimsntfy - (no file)
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
AddRemove-LifeGlobe Goldfish Aquarium - c:\program files\Prolific Publishing
AddRemove-MAGIX audio cleaning lab 10 - c:\magix\aclab10\instslct.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
AddRemove-{64D3F439-6BB0-4F9A-B51B-DE30B6F38243} - c:\documents and settings\HP_Owner\Local Settings\Application Data\{4AFCE0F4-39DD-49F6-A098-FB07AC26E2C3}\XmlStudio.exe
AddRemove-{661CFD1B-9450-4997-8FF8-E9A902D626AF} - c:\documents and settings\HP_Owner\Local Settings\Application Data\{CEA7A10C-4EA3-4237-B870-DD6F5F06AC54}\XmlDataBinder.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-18 10:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x855821F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7660fc3
\Driver\ACPI -> ACPI.sys @ 0xf73c8cb8
\Driver\atapi -> 0x855821f8
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
SecurityProcedure -> ntkrnlpa.exe @ 0x80578264
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
SecurityProcedure -> ntkrnlpa.exe @ 0x80578264
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf726abc3
PacketIndicateHandler -> NDIS.sys @ 0xf7276b21
SendHandler -> NDIS.sys @ 0xf726ad33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\InterVideo\Common\AUDIODEC\・*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\SecuROM\License information*]
"datasecu"=hex:a1,22,19,07,81,28,c7,35,8e,73,4f,27,85,45,42,c5,9c,76,cc,14,87,
44,d7,ae,6c,81,a1,7f,89,73,35,b3,1d,3c,d8,5d,87,ee,55,7c,fe,ea,37,5e,e8,87,\
"rkeysecu"=hex:bc,9a,c5,64,d2,95,55,68,e7,36,14,89,a7,c6,31,0c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2656)
c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\conime.exe
c:\windows\system32\PSIService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-18 11:05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 15:05

Pre-Run: 102,720,118,784 bytes free
Post-Run: 102,874,513,408 bytes free

- - End Of File - - 779E7D481447D4ECE4BC9FE76F7F6F9D

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP

Re: JS/Generic

Post by chiaz on Fri 19 Mar 2010, 5:39 am

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\system32\dllcache\tcpip.sys|c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll|c:\windows\system32\es.dll
c:\windows\system32\dllcache\mswsock.dll|c:\windows\system32\mswsock.dll
File::
c:\documents and settings\All Users\Application Data\2434D1AF02.sys
c:\windows\system32\DC5C266260.sys

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your new reply.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista
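The CFScript in the post above was written by hand from two parts of the earlier log: the Sigcheck section, where every copy marked [-] under c:\windows\system32 is paired with a [7] copy of the same file (the dllcache copy where one exists, otherwise the SP2QFE copy), and the dated file listing, where the two 88-byte files with "--sh--r-" flags and hex-only names were put under File::. The script below is an added example, not ComboFix's or the advisor's own code; it drafts that same text from a log by parsing those two sections. Its sample input is lines copied from the log pasted earlier in this thread, embedded so it runs offline. The attribute-column positions, the [-]/[7] pairing rule and the hex-name heuristic are all inferred from this page's log rather than from ComboFix documentation, so treat them as assumptions.

```python
"""Draft a ComboFix CFScript from a ComboFix log (added example, not ComboFix code).

Parses the dated file listing and the Sigcheck section of a log like the one
pasted above. Sample lines are copied from this thread's log so it runs offline.
"""
import re

SAMPLE_LOG = r"""
2010-02-24 23:55 . 2009-12-07 06:11 88 --sh--r- c:\documents and settings\All Users\Application Data\2434D1AF02.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-12 19:15 . 2010-03-12 19:15 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2007-07-12 23:30 . 2007-07-12 23:30 88 --sh--r- c:\windows\system32\DC5C266260.sys
2007-07-12 23:30 . 2007-07-12 23:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

------- Sigcheck -------

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[7] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 04:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
"""

# A file-listing line: "<created> . <modified> <size|--------> <8 attribute flags> <path>".
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A Sigcheck line: "[<status>] <date> . <md5> . <size> . . [<version>] . . <path>".
SIG_RE = re.compile(
    r"^\[(?P<status>[^\]])\] \d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})? \. "
    r"(?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)
HEX_SYS_NAME = re.compile(r"^[0-9a-f]+\.sys$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_files(log):
    """Hidden+system+read-only files with a hex-only name, e.g. 2434D1AF02.sys.

    Flag positions are read off the listing itself (assumption): '--sh--r-' has
    's' at index 2, 'h' at index 3 and 'r' at index 6; the '--sha-w-' KGyGaAvL.sys
    entries beside them therefore stay unflagged, as in the advisor's script.
    """
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        a = m["attrs"]
        if a[2] == "s" and a[3] == "h" and a[6] == "r" and HEX_SYS_NAME.match(_basename(m["path"])):
            hits.append(m["path"])
    return hits


def unsigned_system_files(log):
    """(live_path, replacement_path) pairs: a [-] entry under system32 (dllcache
    excluded) paired with a [7] entry of the same file name, dllcache copy first.
    This is the pairing the advisor made by hand in the FCopy:: lines above."""
    groups = {}
    for line in log.splitlines():
        m = SIG_RE.match(line)
        if m:
            groups.setdefault(_basename(m["path"]), []).append(m)
    pairs = []
    for entries in groups.values():
        good = [m["path"] for m in entries if m["status"] == "7"]
        if not good:
            continue
        good.sort(key=lambda p: "\\dllcache\\" not in p.lower())  # stable sort: dllcache first
        for m in entries:
            p = m["path"]
            if m["status"] == "-" and p.lower().startswith(SYSTEM32) and "\\dllcache\\" not in p.lower():
                pairs.append((p, good[0]))
    return pairs


def build_cfscript(log):
    """Draft the CFScript in the FCopy::/File:: form used in this thread."""
    lines = []
    pairs = unsigned_system_files(log)
    if pairs:
        lines.append("FCopy::")
        lines.extend(f"{src}|{dst}" for dst, src in pairs)  # FCopy:: takes source|destination
    files = suspicious_files(log)
    if files:
        lines.append("File::")
        lines.extend(files)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

On the sample it reproduces the advisor's script line for line; to run it on a saved ComboFix.txt, replace SAMPLE_LOG with the file's contents. It only drafts: the hex-name rule is what separates the two files the advisor targeted from the "--sha-w-" entries next to them, and the [7]-copy choice falls back to the first non-dllcache copy listed, so each FCopy:: and File:: line still wants a human's confirmation before the script is dropped onto ComboFix.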

Re: JS/Generic

Post by TDKnite on Fri 19 Mar 2010, 12:16 pm

Hey Chiaz, I'm really sorry. I did the ComboFix properly and all, but when my internet connection went out after using it like the guide that you linked to said it might, I was about to restore my internet connection in the way they instructed, but someone came into my room and distracted me... By accident, I right-clicked the Internet Connections icon and clicked Disable (don't ask me how I managed to do such a completely stupid thing, I think I must be mental), which then made the icon completely disappear, and after spending some hours on the phone with a Verizon employee trying to get it to work again, it's still not working on my PC.
However, I'm using my sister's PC which is connected via my wireless router at the moment, and it's working as you can see, so I'm just letting you know what happened.
I'll paste the ComboFix.txt for you when my PC can connect to the internet again. Thank you very much for your help so far, and really sorry about this.

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP

Re: JS/Generic

Post by chiaz on Fri 19 Mar 2010, 8:59 pm

OK, do keep me in the know. Thanks.

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista

Re: JS/Generic

Post by TDKnite on Sun 21 Mar 2010, 2:56 pm

Thanks for your patience!
I finally got the internet working on my PC again (the internet connections icon is still gone for some reason, but whatever), but I had to system restore to the point that was made just before I followed your last directions in ComboFix, so I'm not sure if some changes were undone or not.
Would you still like me to post the report that was made after I followed the last step, or do you need a fresh ComboFix report?

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP

Re: JS/Generic

Post by chiaz on Sun 21 Mar 2010, 9:02 pm

Yes, let's see a new ComboFix report before we do anything else.

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista

Re: JS/Generic

Post by TDKnite on Mon 22 Mar 2010, 6:31 am

ComboFix 10-03-20.06 - HP_Owner 1/2010 Sun 16:18:05.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.894.410 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-21 04:37 . 2010-03-21 04:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-20 21:16 . 2010-03-21 04:36 -------- d-----w- C:\RECYCLER(2)
2010-03-18 13:53 . 2010-03-18 13:53 -------- d-----w- C:\WTablet
2010-03-18 03:10 . 2010-03-18 03:10 2157 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-03-18 02:44 . 2010-03-18 02:44 2145 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-03-18 01:15 . 2010-03-18 01:15 1065 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\gmail.com
2010-03-18 01:15 . 2010-03-18 01:15 1089 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2010-03-18 01:15 . 2010-03-18 01:15 2095 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-03-16 15:36 . 2010-03-16 15:36 -------- d-----w- c:\program files\iPod
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\program files\iTunes
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 15:35 . 2010-03-16 15:35 -------- d-----w- c:\program files\Bonjour
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\program files\Apple Software Update
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\documents and settings\Mom-mom\Local Settings\Application Data\Apple
2010-03-16 15:32 . 2010-03-16 15:36 -------- d-----w- c:\program files\Common Files\Apple
2010-03-15 21:13 . 2010-03-15 21:13 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcp71.dll
2010-03-15 21:13 . 2010-03-15 21:13 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\jmc.dll
2010-03-15 21:13 . 2010-03-15 21:13 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcr71.dll
2010-03-15 21:13 . 2010-03-15 21:13 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-sse.dll
2010-03-15 21:13 . 2010-03-15 21:13 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-d3d.dll
2010-03-15 04:21 . 2010-03-15 04:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-15 02:58 . 2010-03-15 02:58 348160 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcr71.dll
2010-03-15 02:58 . 2010-03-15 02:58 503808 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcp71.dll
2010-03-15 02:58 . 2010-03-15 02:58 499712 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\jmc.dll
2010-03-15 02:58 . 2010-03-15 02:58 61440 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-sse.dll
2010-03-15 02:58 . 2010-03-15 02:58 12800 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-d3d.dll
2010-03-14 22:58 . 2010-03-15 00:13 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTouch
2010-03-14 16:42 . 2010-03-14 16:42 2165 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-03-13 16:20 . 2010-03-21 20:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-13 03:21 . 2010-03-21 04:35 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTablet
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\program files\Corel
2010-03-12 19:36 . 2010-03-21 20:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTablet
2010-03-12 19:36 . 2010-03-12 23:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTouch
2010-03-12 19:36 . 2009-07-15 16:13 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-12 19:15 . 2010-03-12 19:15 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 19:15 . 2010-03-12 19:15 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 19:15 . 2010-03-12 19:15 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 19:14 . 2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 18:22 . 2010-03-07 18:22 13264416 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
2010-02-21 05:39 . 2010-02-21 05:39 83648 ----a-w- c:\windows\system\KNPS.DLL
2010-02-21 05:39 . 2010-02-21 05:39 30544 ----a-w- c:\windows\system\DIB.DRV
2010-02-21 05:39 . 2010-02-21 05:39 55136 ----a-w- c:\windows\system\KNPG.DLL
2010-02-20 04:35 . 2010-02-20 04:35 -------- d-----w- c:\program files\Pidgin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 14:47 . 2009-12-06 04:44 0 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\prvlcl.dat
2010-03-21 04:37 . 2007-08-22 15:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtk-2.0
2010-03-20 22:21 . 2009-02-19 19:16 -------- d-----w- c:\program files\Unity
2010-03-19 22:38 . 2010-02-13 22:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\foobar2000
2010-03-18 13:52 . 2009-09-19 19:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 03:54 . 2009-07-23 04:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\.purple
2010-03-16 16:10 . 2005-07-21 05:00 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-03-16 15:50 . 2005-07-21 18:54 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\Apple Computer
2010-03-16 15:49 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\Mom-mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 15:34 . 2009-12-12 05:23 -------- d-----w- c:\program files\QuickTime Alternative
2010-03-16 15:34 . 2005-06-16 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-15 21:12 . 2009-02-12 14:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 21:01 . 2005-06-16 19:16 -------- d-----w- c:\program files\Java
2010-03-12 20:52 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 20:52 . 2007-07-12 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Corel
2010-03-12 19:36 . 2010-03-12 19:36 -------- d-----w- c:\program files\WTouch
2010-03-12 19:36 . 2010-03-12 19:35 -------- d-----w- c:\program files\Tablet
2010-03-12 19:15 . 2009-07-23 16:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:14 . 2009-07-23 16:50 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 19:14 . 2009-07-23 16:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 20:52 . 2005-06-16 19:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 20:57 . 2005-08-18 00:26 9766 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-03-07 18:24 . 2009-09-24 01:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Dropbox
2010-03-07 18:23 . 2009-09-24 01:16 91696 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Uninstall.exe
2010-02-24 23:55 . 2009-12-07 06:11 88 --sh--r- c:\documents and settings\All Users\Application Data\2434D1AF02.sys
2010-02-24 23:55 . 2009-12-07 06:11 88 --sh--r- c:\documents and settings\All Users\Application Data\2434D1AF02.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-23 20:42 . 2006-02-08 16:09 -------- d-----w- c:\program files\Watchtower
2010-02-15 22:41 . 2010-02-15 22:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 22:31 . 2010-02-13 22:31 -------- d-----w- c:\program files\foobar2000
2010-02-13 18:48 . 2006-11-12 19:42 -------- d--h--r- c:\documents and settings\HP_Owner\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:57 -------- d-----w- c:\program files\Yahoo!
2010-02-13 18:44 . 2009-04-12 17:34 -------- d-----w- c:\program files\Pando Networks
2010-02-13 18:29 . 2005-06-16 19:53 -------- d-----w- c:\program files\Easy Internet signup
2010-02-13 01:05 . 2010-02-13 01:05 -------- d-----w- c:\program files\Livestream Procaster
2010-02-11 01:55 . 2008-02-29 20:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2010-02-08 22:49 . 2009-08-24 21:45 -------- d-----w- c:\program files\LMMS 0.4.5
2010-02-08 22:48 . 2010-02-08 22:48 -------- d-----w- c:\program files\LMMS 0.4.6
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab
2010-01-29 21:03 . 2009-05-21 18:21 1025536 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Temp.exe
2010-01-29 21:03 . 2008-12-19 16:18 106496 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Installer.exe
2010-01-29 21:03 . 2008-11-02 13:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Scirra
2010-01-20 01:49 . 2008-06-02 03:41 1 ----a-w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-07 20:07 . 2009-09-19 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-09-19 19:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:37 . 2005-03-20 20:15 245760 ----a-w- c:\windows\system32\Flux.scr
2010-01-04 22:50 . 2009-11-27 01:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 22:36 . 2009-12-27 22:36 73728 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\OpenAL32.dll
2009-12-27 22:36 . 2009-12-27 22:36 45056 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\joal_native.dll
2009-12-27 22:36 . 2009-12-27 22:36 409600 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\wrap_oal.dll
2007-07-12 23:30 . 2007-07-12 23:30 88 --sh--r- c:\windows\system32\DC5C266260.sys
2007-07-12 23:30 . 2007-07-12 23:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 04:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-01-06 3552256]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-10-08 198144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-16 180269]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-9-20 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\biosyer]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2009-12-17 20:44 6477088 ----a-w- c:\program files\Livestream Procaster\Procaster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\new indie\\vanpri101\\ヴァンガードプリンセス\\LunaPort.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Documents and Settings\\HP_Owner\\My Documents\\Webby Fun\\nvu-1.0\\nvu.exe"=
"c:\\Program Files\\WorldOfGoo\\WorldOfGoo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\doujin\\AkatsukiBK\\Akatsuki BK\\akatsukibk.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\Guilty_Gear_XX_Reload\\Guilty_Gear_XX_Reload\\ggxx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:login-server_sql
"6121:TCP"= 6121:TCP:char-server_sql
"5121:TCP"= 5121:TCP:map-server_sql
"7500:UDP"= 7500:UDP:Lunaport
"1110:TCP"= 1110:TCP:Wanderlust
"1110:UDP"= 1110:UDP:Wanderlust

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/23/2009 12:50 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/23/2009 12:50 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 3:14 PM 308064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/12/2010 3:35 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [3/12/2010 3:36 PM 112936]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/26/2009 9:44 PM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

BHO-{87B39588-5A6D-466D-ABE5-1EF3E113F0E7} - (no file)
BHO-{c5850c95-19ec-4721-9c26-9038fb726f26} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-21 16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\InterVideo\Common\AUDIODEC\・*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\SecuROM\License information*]
"datasecu"=hex:a1,22,19,07,81,28,c7,35,8e,73,4f,27,85,45,42,c5,9c,76,cc,14,87,
44,d7,ae,6c,81,a1,7f,89,73,35,b3,1d,3c,d8,5d,87,ee,55,7c,fe,ea,37,5e,e8,87,\
"rkeysecu"=hex:bc,9a,c5,64,d2,95,55,68,e7,36,14,89,a7,c6,31,0c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(696)
c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-21 16:28:38
ComboFix-quarantined-files.txt 2010-03-21 20:28
ComboFix2.txt 2010-03-20 20:53
ComboFix3.txt 2010-03-20 03:43
ComboFix4.txt 2010-03-18 20:23
ComboFix5.txt 2010-03-21 20:17

Pre-Run: 102,692,806,656 bytes free
Post-Run: 102,661,652,480 bytes free

- - End Of File - - 9370C1905B6FAE460B576E45D0DFE496

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP


Re: JS/Generic

Post by chiaz on Mon 22 Mar 2010, 6:34 am

OK all good - you can follow my instructions here and post back with the generated log:
[You must be registered and logged in to see this link.]

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista


Re: JS/Generic

Post by TDKnite on Mon 22 Mar 2010, 6:59 am

ComboFix 10-03-20.06 - HP_Owner 1/2010 Sun 16:47:24.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.894.347 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\All Users\Application Data\2434D1AF02.sys"
"c:\windows\system32\DC5C266260.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\2434D1AF02.sys
c:\windows\system32\DC5C266260.sys

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll --> c:\windows\system32\es.dll
c:\windows\system32\dllcache\mswsock.dll --> c:\windows\system32\mswsock.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-21 04:37 . 2010-03-21 04:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-20 21:16 . 2010-03-21 04:36 -------- d-----w- C:\RECYCLER(2)
2010-03-18 13:53 . 2010-03-18 13:53 -------- d-----w- C:\WTablet
2010-03-18 03:10 . 2010-03-18 03:10 2157 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-03-18 02:44 . 2010-03-18 02:44 2145 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-03-18 01:15 . 2010-03-18 01:15 1065 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\gmail.com
2010-03-18 01:15 . 2010-03-18 01:15 1089 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2010-03-18 01:15 . 2010-03-18 01:15 2095 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-03-16 15:36 . 2010-03-16 15:36 -------- d-----w- c:\program files\iPod
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\program files\iTunes
2010-03-16 15:36 . 2010-03-16 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 15:35 . 2010-03-16 15:35 -------- d-----w- c:\program files\Bonjour
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\program files\Apple Software Update
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- c:\documents and settings\Mom-mom\Local Settings\Application Data\Apple
2010-03-16 15:32 . 2010-03-16 15:36 -------- d-----w- c:\program files\Common Files\Apple
2010-03-15 21:13 . 2010-03-15 21:13 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcp71.dll
2010-03-15 21:13 . 2010-03-15 21:13 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\jmc.dll
2010-03-15 21:13 . 2010-03-15 21:13 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-203b1fa8-n\msvcr71.dll
2010-03-15 21:13 . 2010-03-15 21:13 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-sse.dll
2010-03-15 21:13 . 2010-03-15 21:13 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7a035832-n\decora-d3d.dll
2010-03-15 04:21 . 2010-03-15 04:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-15 02:58 . 2010-03-15 02:58 348160 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcr71.dll
2010-03-15 02:58 . 2010-03-15 02:58 503808 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\msvcp71.dll
2010-03-15 02:58 . 2010-03-15 02:58 499712 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-69ffba6d-n\jmc.dll
2010-03-15 02:58 . 2010-03-15 02:58 61440 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-sse.dll
2010-03-15 02:58 . 2010-03-15 02:58 12800 ----a-w- c:\documents and settings\Mom-mom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-564f17db-n\decora-d3d.dll
2010-03-14 22:58 . 2010-03-15 00:13 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTouch
2010-03-14 16:42 . 2010-03-14 16:42 2165 ----a-w- c:\documents and settings\HP_Owner\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-03-13 16:20 . 2010-03-21 20:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-13 03:21 . 2010-03-21 04:35 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\WTablet
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-12 20:22 . 2010-03-12 20:22 -------- d-----w- c:\program files\Corel
2010-03-12 19:36 . 2010-03-21 20:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTablet
2010-03-12 19:36 . 2010-03-12 23:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WTouch
2010-03-12 19:36 . 2009-07-15 16:13 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-12 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-12 19:15 . 2010-03-12 19:15 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 19:15 . 2010-03-12 19:15 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 19:15 . 2010-03-12 19:15 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 19:14 . 2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 18:22 . 2010-03-07 18:22 13264416 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
2010-02-21 05:39 . 2010-02-21 05:39 83648 ----a-w- c:\windows\system\KNPS.DLL
2010-02-21 05:39 . 2010-02-21 05:39 30544 ----a-w- c:\windows\system\DIB.DRV
2010-02-21 05:39 . 2010-02-21 05:39 55136 ----a-w- c:\windows\system\KNPG.DLL
2010-02-20 04:35 . 2010-02-20 04:35 -------- d-----w- c:\program files\Pidgin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 20:39 . 2010-02-13 22:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\foobar2000
2010-03-21 14:47 . 2009-12-06 04:44 0 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\prvlcl.dat
2010-03-21 04:37 . 2007-08-22 15:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtk-2.0
2010-03-20 22:21 . 2009-02-19 19:16 -------- d-----w- c:\program files\Unity
2010-03-18 13:52 . 2009-09-19 19:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 03:54 . 2009-07-23 04:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\.purple
2010-03-16 16:10 . 2005-07-21 05:00 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-03-16 15:50 . 2005-07-21 18:54 -------- d-----w- c:\documents and settings\Mom-mom\Application Data\Apple Computer
2010-03-16 15:49 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\Mom-mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 15:34 . 2009-12-12 05:23 -------- d-----w- c:\program files\QuickTime Alternative
2010-03-16 15:34 . 2005-06-16 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-15 21:12 . 2009-02-12 14:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 21:01 . 2005-06-16 19:16 -------- d-----w- c:\program files\Java
2010-03-12 20:52 . 2005-07-22 01:57 85048 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 20:52 . 2007-07-12 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Corel
2010-03-12 19:36 . 2010-03-12 19:36 -------- d-----w- c:\program files\WTouch
2010-03-12 19:36 . 2010-03-12 19:35 -------- d-----w- c:\program files\Tablet
2010-03-12 19:15 . 2009-07-23 16:50 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 19:14 . 2009-07-23 16:50 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 19:14 . 2009-07-23 16:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 20:52 . 2005-06-16 19:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 20:57 . 2005-08-18 00:26 9766 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-03-07 18:24 . 2009-09-24 01:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Dropbox
2010-03-07 18:23 . 2009-09-24 01:16 91696 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Uninstall.exe
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-24 23:55 . 2009-12-07 06:11 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-23 20:42 . 2006-02-08 16:09 -------- d-----w- c:\program files\Watchtower
2010-02-15 22:41 . 2010-02-15 22:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-13 22:31 . 2010-02-13 22:31 -------- d-----w- c:\program files\foobar2000
2010-02-13 18:48 . 2006-11-12 19:42 -------- d--h--r- c:\documents and settings\HP_Owner\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-02-13 18:48 . 2006-05-05 17:57 -------- d-----w- c:\program files\Yahoo!
2010-02-13 18:44 . 2009-04-12 17:34 -------- d-----w- c:\program files\Pando Networks
2010-02-13 18:29 . 2005-06-16 19:53 -------- d-----w- c:\program files\Easy Internet signup
2010-02-13 01:05 . 2010-02-13 01:05 -------- d-----w- c:\program files\Livestream Procaster
2010-02-11 01:55 . 2008-02-29 20:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2010-02-08 22:49 . 2009-08-24 21:45 -------- d-----w- c:\program files\LMMS 0.4.5
2010-02-08 22:48 . 2010-02-08 22:48 -------- d-----w- c:\program files\LMMS 0.4.6
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-06 16:02 . 2010-02-06 16:02 138240 ----a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-02-06 16:02 . 2010-02-06 16:02 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab
2010-01-29 21:03 . 2009-05-21 18:21 1025536 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Temp.exe
2010-01-29 21:03 . 2008-12-19 16:18 106496 ----a-w- c:\documents and settings\HP_Owner\Application Data\Scirra\Installer.exe
2010-01-29 21:03 . 2008-11-02 13:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Scirra
2010-01-20 01:49 . 2008-06-02 03:41 1 ----a-w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-07 20:07 . 2009-09-19 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-09-19 19:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:37 . 2005-03-20 20:15 245760 ----a-w- c:\windows\system32\Flux.scr
2010-01-04 22:50 . 2009-11-27 01:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 22:36 . 2009-12-27 22:36 73728 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\OpenAL32.dll
2009-12-27 22:36 . 2009-12-27 22:36 45056 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\joal_native.dll
2009-12-27 22:36 . 2009-12-27 22:36 409600 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\42\41bdaaea-320456ce-n\wrap_oal.dll
2007-07-12 23:30 . 2007-07-12 23:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-20 20:19 . 2007-10-30 17:20 360064 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2007-10-30 17:20 360064 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 04:00 . 2004-08-04 04:00 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-06-20 17:46 . 2004-08-04 04:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 04:00 . 2005-07-26 04:20 243200 c:\windows\system32\dllcache\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-01-06 3552256]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-10-08 198144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-16 180269]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-9-20 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 19:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\biosyer]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2009-12-17 20:44 6477088 ----a-w- c:\program files\Livestream Procaster\Procaster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\new indie\\vanpri101\\ヴァンガードプリンセス\\LunaPort.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Documents and Settings\\HP_Owner\\My Documents\\Webby Fun\\nvu-1.0\\nvu.exe"=
"c:\\Program Files\\WorldOfGoo\\WorldOfGoo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\doujin\\AkatsukiBK\\Akatsuki BK\\akatsukibk.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\Desktop\\Guilty_Gear_XX_Reload\\Guilty_Gear_XX_Reload\\ggxx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:login-server_sql
"6121:TCP"= 6121:TCP:char-server_sql
"5121:TCP"= 5121:TCP:map-server_sql
"7500:UDP"= 7500:UDP:Lunaport
"1110:TCP"= 1110:TCP:Wanderlust
"1110:UDP"= 1110:UDP:Wanderlust

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/23/2009 12:50 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/23/2009 12:50 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 3:14 PM 308064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/12/2010 3:35 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [3/12/2010 3:36 PM 112936]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/26/2009 9:44 PM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\o43jd9p5.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{87B39588-5A6D-466D-ABE5-1EF3E113F0E7} - (no file)
BHO-{c5850c95-19ec-4721-9c26-9038fb726f26} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-21 16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\InterVideo\Common\AUDIODEC\・*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-815478324-241836720-3004507354-1009\Software\SecuROM\License information*]
"datasecu"=hex:a1,22,19,07,81,28,c7,35,8e,73,4f,27,85,45,42,c5,9c,76,cc,14,87,
44,d7,ae,6c,81,a1,7f,89,73,35,b3,1d,3c,d8,5d,87,ee,55,7c,fe,ea,37,5e,e8,87,\
"rkeysecu"=hex:bc,9a,c5,64,d2,95,55,68,e7,36,14,89,a7,c6,31,0c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-21 16:56:33
ComboFix-quarantined-files.txt 2010-03-21 20:56
ComboFix2.txt 2010-03-21 20:28
ComboFix3.txt 2010-03-20 20:53
ComboFix4.txt 2010-03-20 03:43
ComboFix5.txt 2010-03-21 20:46

Pre-Run: 102,764,982,272 bytes free
Post-Run: 102,751,801,344 bytes free

- - End Of File - - 620C02B29CA1D55539B12A0B9A6942AC

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP


Re: JS/Generic

Post by chiaz on Mon 22 Mar 2010, 7:03 am

Great!

Now download: CCleaner (freeware)
[You must be registered and logged in to see this link.]
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default; if not, please select:

Then click Run Cleaner (bottom right), then Exit.


Next, please go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.

chiaz

Malware Advisor

Posts: 126
Joined: 2010-03-16
Operating System: Vista


Re: JS/Generic

Post by TDKnite on Mon 22 Mar 2010, 11:43 am

So far, my PC's been running great. Here's the report from Panda:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-21 21:41:17
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 61
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 9.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00278769 Application/PRScheduler HackTools Yes 0 Yes No c:\documents and settings\hp_owner\start menu\programs\startup\powerreg scheduler.exe
00447834 Adware/Lop Adware No 0 Yes No c:\program files\norton systemworks\norton antivirus\quarantine\12e40713.exe
00447834 Adware/Lop Adware No 0 Yes No c:\program files\norton systemworks\norton antivirus\quarantine\22037d12.dll
01313177 Generic Malware Virus/Trojan No 0 Yes No c:\program files\wildtangent\components\wtpropertybag0200.dll
01343147 Application/MyWay HackTools No 0 Yes No d:\i386\apps\app22084\src\hpsummer2005.exe
02235691 Generic Malware Virus/Trojan No 0 Yes No c:\windows\downloaded program files\hgstart9usa.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\hp_owner\my documents\other\something new\winkawaks156.zip[winkawaks.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\hp_owner\my documents\other\something new\winkawaks156\winkawaks.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\hp_owner\desktop\combofix.exe[32788r22fwjfw\pev.exe]
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\bakudan\bakudan.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\bakuhatu\bakuhatu.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\basirin\basirin.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\bimboman\bimboman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\blockman\blockman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\bokorin\bokorin.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\bokusin\bokusin.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\curryki\curryki.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\gonbutoman\gonbutoman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\hageyarou\hageyarou.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\hitotobasi\hitotobasi.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\hosonaga\āzā\hosonaga.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\kamutaro\kamutaro.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\kusariman\kusariman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\nikujin\nikujin.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\ninjagame\ninjagame.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\niwatori\niwatori.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\rakkasan\rakkasan.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\rocketaro\rocketaro.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\sogeking\ā\sogeking.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\tarenagasi\tarenagasi.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\tekkyuuman\tekkyuuman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\teppodon\teppodon.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\teppoman\teppoman.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\tepposenso\tepposenso.exe
No c:\documents and settings\hp_owner\my documents\indie games\ikiki\tobioriya\tobioriya.exe
No c:\documents and settings\hp_owner\my documents\indie games\konjak\noitulove\noitu love.exe
No c:\documents and settings\hp_owner\my documents\indie games\nifflas\withinadeepforest_114\secrets levels.exe
No c:\documents and settings\hp_owner\my documents\indie games\nifflas\withinadeepforest_114\within a deep forest.exe
No c:\documents and settings\hp_owner\my documents\indie games\squidyesnotsooctopus\synso\treble.dll
No c:\hp\recovery\wizard\fscommand\cdlogic_ret.exe
No c:\hp\recovery\wizard\swr_wizard.exe
No c:\program files\common files\webroot shared\office.dll
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp109\a0022854.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp118\a0023632.dll
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp145\a0028305.rbf
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp145\a0028319.mst[unk_0016]
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp145\a0028322.mst[unk_0016]
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp195\a0039049.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp196\a0039084.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp196\a0039226.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp197\a0039345.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp197\a0039375.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp198\a0039492.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp198\a0039611.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp199\a0039749.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp199\a0039867.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp199\a0039942.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp199\a0040059.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040406.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040450.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040521.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040617.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040727.exe[32788r22fwjfw\pev.exe]
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040776.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040807.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0040924.exe
No c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp201\a0041011.exe
No c:\windows\downloaded program files\hgplugin9usa.dll
No c:\windows\pev.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217833 HIGH MS10-007
217832 HIGH MS10-006
217831 HIGH MS10-005
217169 HIGH MS10-002
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
;===================================================================================================================================================================================

TDKnite

Newbie Surfer

Posts: 14
Joined: 2010-03-18
Operating System: Windows XP
