GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

18 trojans on my computer

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sat Jan 10, 2009 3:47 pm

Did you run fix.bat?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sat Jan 10, 2009 3:49 pm

yeah but it didnt give me a report

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sat Jan 10, 2009 3:51 pm

Okay, we'll do this manually?
Navigate to the system32 folder:
C:\WINDOWS\system32\
Find userinit.exe in there.
Right click the file > Rename
Add a .bad extension onto it, so it's called userinit.exe.bad

Now right click userinit.exe file from your Desktop > Cut, then paste it in system32 folder.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sat Jan 10, 2009 4:26 pm

its not called userinit.exe, its just userinit. My computer is acting very slow. Its hard to open anything without it getting stuck

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sat Jan 10, 2009 4:28 pm

Ah, no file extensions.
Okay, rename it to userinitbad.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sat Jan 10, 2009 4:31 pm

ok i renamed it and I pasted it in system32 folder

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sat Jan 10, 2009 4:38 pm

Right click the new userinit in system32 folder > Copy <== DO NOT cut this time.
Paste the copy on your Desktop.

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Navigate to this folder in bold:
C:\Windows\system32\dllcache\
There is also a userinit in there, rename that to userinitbad as well.

Now right click the new userinit that you copied to your desktop > Cut the userinit file from your desktop and paste it in dllcache.

Now we have two new copies of userinit replaced and two bad copies of userinit.

Delete these two files in bold:
C:\Windows\system32\userinitbad
C:\Windows\system32\dlcache\userinitbad

Lets finish up here now.


  • Now open a new notepad file.
  • Input this into the notepad file:

    regedit /e peek1.txt "HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    type peek1.txt >> look.txt
    type peek2.txt >> look.txt
    del peek*.txt
    start notepad look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sat Jan 10, 2009 4:44 pm

there is no dlcache folder in system 32

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sat Jan 10, 2009 4:50 pm

Sorry, dllcache, I missed an "L" in there.
You have to follow my unhide hidden files/folders instructions to be able to see it, this part:
Uncheck (untick) Hide protected operating system files (Recommended).


Once you untick that option, you can see dllcache then.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 4:02 am

cant find the dlcache folder even after unchecking the hidden folders/files

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 1:13 pm

Okay, nevermind.
The main file is replaced and that's all that matters.

Can you do my reg export look.bat?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 1:26 pm

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 3:38 pm


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 4:27 pm

well firefox keep acting really wierd. I am getting too many pop ups with antivirus websites. Firefox keeps crashing. Computer is acting really slow. It keeps getting stuck too.

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 4:52 pm

Can you post a new DDS log please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 6:30 pm

DDS (Ver_09-01-07.01) - NTFSx86
Run by Maddi at 13:23:37.04 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.98 [GMT -5:00]

AV: F-Secure Client Security 7.11 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: F-Secure Client Security 7.11 *enabled*
FW: Sunbelt Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IMSafer\bin\imslive.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IMSafer\bin\imsc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\WebDrive\webdrive.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WebDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Documents and Settings\Maddi\Desktop\Antivirus stuff\dds.com
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 6:31 pm

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: mrxaqn.dll
SEH: Trend Micro Anti-Spyware Shell Extension: {03a80b1d-5c6a-42c2-9dfb-81b6005d8023} - c:\program files\trend micro\tmas\sshook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maddi\applic~1\mozilla\firefox\profiles\r51m0iug.default\
FF - plugin: c:\documents and settings\maddi\application data\mozilla\firefox\profiles\r51m0iug.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {4E87C79F-1395-4175-8DEB-3A9504FCC6C2} - c:\documents and settings\maddi\local settings\application data\{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}
FF - HiddenExtension: XUL Cache: {F6712E96-93F6-4C78-922A-95AF2835A89C} - c:\windows\system32\config\systemprofile\local settings\application data\{f6712e96-93f6-4c78-922a-95af2835a89c}\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 6:31 pm

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-7-13 60256]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\f-secure\hips\fshs.sys [2008-7-13 70752]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2008-7-13 62048]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2008-7-13 162456]
R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);c:\windows\system32\drivers\wpro_40_755.sys --> c:\windows\system32\drivers\WPRO_40_755.sys [?]
R4 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2008-7-13 47800]
R4 ImSaferLive;IMSafer Live;c:\program files\imsafer\bin\imslive.exe [2008-12-22 1882176]
R4 ImSaferService;IMSafer;c:\program files\imsafer\bin\imsc.exe [2008-12-22 2173504]
R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R4 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R4 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\webdrive\wdfsd.sys [2007-5-19 167552]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2008-7-13 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2008-7-13 25184]
S4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]

=============== Created Last 30 ================

2009-01-11 13:03 101,136 a------- c:\windows\system32\WPRO_40_755woem.tmp
2009-01-11 09:18 --d----- c:\program files\GMATPrep
2009-01-10 11:30 24,576 a------- c:\windows\system32\userinitbad.exe
2009-01-10 11:24 24,576 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-10 11:24 24,576 a------- c:\windows\system32\userinit.exe
2009-01-10 09:25 --d----- c:\docume~1\maddi\applic~1\Malwarebytes
2009-01-10 09:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 09:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 09:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 09:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 22:06 --d----- c:\program files\Sunbelt Software
2009-01-06 19:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-06 19:55 --d----- c:\documents and settings\maddi\.housecall6.6
2009-01-06 02:29 491 a------- c:\windows\system32\win32hlp.cnf

==================== Find3M ====================

2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2006-10-05 19:24 148 a------- c:\docume~1\maddi\applic~1\wklnhst.dat
2004-03-23 17:14 724,597,104 a------- c:\documents and settings\maddi\AUTOCAD_2005.bin

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 7:28 pm

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 7:40 pm

GooredFix v1.8 by jpshortstuff
Log created at 14:39 on 11/01/2009 running Option #1 (Maddi)
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6712E96-93F6-4C78-922A-95AF2835A89C}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F6712E96-93F6-4C78-922A-95AF2835A89C}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"="C:\Documents and Settings\Maddi\Local Settings\Application Data\{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6712E96-93F6-4C78-922A-95AF2835A89C}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F6712E96-93F6-4C78-922A-95AF2835A89C}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"="C:\Documents and Settings\Maddi\Local Settings\Application Data\{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 8:14 pm

Hello.

Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 8:26 pm

GooredFix v1.8 by jpshortstuff
Log created at 15:25 on 11/01/2009 running Option #2 (Maddi)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F6712E96-93F6-4C78-922A-95AF2835A89C}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F6712E96-93F6-4C78-922A-95AF2835A89C}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F6712E96-93F6-4C78-922A-95AF2835A89C}\
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Failed.
->Delete on reboot... Set.

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"="C:\Documents and Settings\Maddi\Local Settings\Application Data\{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Maddi\Local Settings\Application Data\{4E87C79F-1395-4175-8DEB-3A9504FCC6C2}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

=====Reboot=====

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 8:28 pm

Hello.
I need you to reboot the computer, Gooredfix needs to delete something on reboot.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 9:05 pm

i rebooted the system but firefox is still crashing

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 9:09 pm

Hello.
That reg export I asked, we went one registry key too far to see the policies, so I need you to repeat this step using this slightly edited reg export script.


  • Now open a new notepad file.
  • Input this into the notepad file:

    regedit /e peek1.txt "HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies"
    regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
    type peek1.txt >> look.txt
    type peek2.txt >> look.txt
    del peek*.txt
    start notepad look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


Are you experiencing popups or re-directs?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 11:29 pm

look.bat wont give me a report

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 11:32 pm

Okay, i'll make a reg fix manually soon, but that isn't top priority right now.

What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 11:35 pm

firefox crashing every 15 or so minutes. Computer gets stuck occasionally then I have to restart the computer. It takes really long for it to restart

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 11:39 pm

Re-installing Firefox may help.
Machine crashing.
I don't think it's malware related.

How much RAM does this machine have?
How fast is the processor?

Please post a new DDS just to be sure the malware is gone.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 11:47 pm

1.73 ghz 1 gig of ram

dds report:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Maddi at 18:43:16.87 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.528 [GMT -5:00]

AV: F-Secure Client Security 7.11 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: F-Secure Client Security 7.11 *enabled*
FW: Sunbelt Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IMSafer\bin\imslive.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\IMSafer\bin\imsc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\WebDrive\wdService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\WebDrive\webdrive.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Maddi\Desktop\Antivirus stuff\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {19EFFBFB-59A4-402C-9078-E0351EABFC21} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7
uRun: [RollerCoasterTycoon.exe] c:\docume~1\maddi\desktop\ROLLER~1.EXE /r
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [WebDriveTray] c:\program files\webdrive\webdrive.exe /trayicon
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1155605302\ee\AOLSoftware.exe
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
StartupFolder: c:\documents and settings\maddi\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: mrxaqn.dll
SEH: Trend Micro Anti-Spyware Shell Extension: {03a80b1d-5c6a-42c2-9dfb-81b6005d8023} - c:\program files\trend micro\tmas\sshook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Sun Jan 11, 2009 11:49 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maddi\applic~1\mozilla\firefox\profiles\r51m0iug.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-7-13 60256]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\f-secure\hips\fshs.sys [2008-7-13 70752]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2008-7-13 62048]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2008-7-13 162456]
R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);c:\windows\system32\drivers\wpro_40_755.sys --> c:\windows\system32\drivers\WPRO_40_755.sys [?]
R4 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2008-7-13 47800]
R4 ImSaferLive;IMSafer Live;c:\program files\imsafer\bin\imslive.exe [2008-12-22 1882176]
R4 ImSaferService;IMSafer;c:\program files\imsafer\bin\imsc.exe [2008-12-22 2173504]
R4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R4 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R4 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\webdrive\wdfsd.sys [2007-5-19 167552]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2008-7-13 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2008-7-13 25184]
S4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]

=============== Created Last 30 ================

2009-01-11 15:57 101,136 a------- c:\windows\system32\WPRO_40_755woem.tmp
2009-01-11 09:18 --d----- c:\program files\GMATPrep
2009-01-10 11:30 24,576 a------- c:\windows\system32\userinitbad.exe
2009-01-10 11:24 24,576 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-10 11:24 24,576 a------- c:\windows\system32\userinit.exe
2009-01-10 09:25 --d----- c:\docume~1\maddi\applic~1\Malwarebytes
2009-01-10 09:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 09:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 09:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 09:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 22:06 --d----- c:\program files\Sunbelt Software
2009-01-06 19:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-06 19:55 --d----- c:\documents and settings\maddi\.housecall6.6
2009-01-06 02:29 491 a------- c:\windows\system32\win32hlp.cnf

==================== Find3M ====================

2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2006-10-05 19:24 148 a------- c:\docume~1\maddi\applic~1\wklnhst.dat
2004-03-23 17:14 724,597,104 a------- c:\documents and settings\maddi\AUTOCAD_2005.bin

============= FINISH: 18:44:48.43 ===========

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Sun Jan 11, 2009 11:55 pm


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Delete this file in bold:
c:\windows\system32\win32hlp.cnf


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by madihamemon on Mon Jan 12, 2009 4:37 am

Ok I did that. I was wondering maybe I got all these viruses because I dont have an anti-virus. Are there any free anti-virus softwares?

madihamemon
Novice
Novice

Status :
Online
Offline

Posts : 45
Joined : 2009-01-09
OS : Windows XP
Points : 28890
# Likes : 0

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Belahzur on Mon Jan 12, 2009 2:09 pm

You have f-secure installed?
If you don't want to use that, let me know and we'll switch to something else.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: 18 trojans on my computer

Post by Doctor Inferno on Sat Mar 28, 2009 8:13 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Points : 104564
# Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum