Unresponsive Script Error constantly, plz help.


13 replies to this topic

#1 Jerzmade

    Member

  • Full Member
  • 66 posts

Posted 19 August 2010 - 06:26 PM

I noticed I am getting a lot of "warning: unresponsive script" errors while using Firefox. I will open up Firefox and it'll freeze up for a minute, then give me a pop-up error message. I used Malwarebytes to see if I have any viruses and spyware, but it comes up clean. I'll run an HJT log for you guys to see if anything can be spotted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:10 PM, on 8/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Updater.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp....e=EN&prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...t Installer.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.h...DataManager.CAB
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1201289319421
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\BRYANC~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: Google Update Service (gupdate1cac26c38a08682) (gupdate1cac26c38a08682) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 12291 bytes

#2 Jerzmade

    Member

  • Full Member
  • 66 posts

Posted 19 August 2010 - 07:41 PM

mrwang's comment got deleted and I don't know if I was supposed to do it, but I ran a ComboFix program and got the log. Hope it wasn't any spyware.

EDIT: MrWong's comment was from someone who is untrained and his advice could have disabled your computer... Please only follow responses from our trained staff... Also, please note that it is generally not a good idea to run ComboFix without someone guiding you; it is very powerful... Thank you...

I deleted the HJT file that was selected, and here's the ComboFix log.


ComboFix 10-08-18.04 - Bryan Carpenter 08/19/2010 20:03:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.101 [GMT -4:00]
Running from: c:\documents and settings\Bryan Carpenter\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\serf1257.fon

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\StreamTorrent
2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-08-10 20:04 . 2010-08-10 20:10 -------- d-----w- c:\documents and settings\Bryan Carpenter\Calibre Library
2010-08-10 20:03 . 2010-08-10 20:07 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\calibre
2010-08-10 19:59 . 2010-08-10 20:01 -------- d-----w- c:\program files\Calibre2
2010-08-07 02:06 . 2010-08-16 23:03 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\BitTorrent
2010-08-07 02:06 . 2010-08-07 02:06 -------- d-----w- c:\program files\BitTorrent
2010-08-04 20:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 20:31 . 2010-08-04 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 19:46 . 2010-08-04 20:19 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2010-07-30 15:47 . 2010-07-30 15:51 -------- d-----w- c:\program files\iTunes
2010-07-30 15:34 . 2010-07-30 15:34 -------- d-----w- c:\program files\Bonjour
2010-07-30 14:34 . 2010-08-20 00:21 -------- d-----w- c:\windows\system32\CatRoot2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 17:52 . 2010-01-18 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 16:53 . 2007-12-13 23:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-09 16:57 . 2008-10-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-07 01:16 . 2005-04-29 12:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 01:10 . 2005-04-29 12:33 -------- d-----w- c:\program files\Java
2010-07-30 15:50 . 2005-04-29 13:02 -------- d-----w- c:\program files\iPod
2010-07-30 15:49 . 2009-05-26 02:59 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 21:02 . 2009-09-25 17:01 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\HpUpdate
2010-07-17 09:00 . 2010-05-14 02:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-08 04:35 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-01-14 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-01-14 00:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-06-30 14:58 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-01-14 00:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-01-14 00:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-01-14 00:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-06-30 14:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-01-14 00:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 00:52 . 2010-06-25 00:51 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\Facebook
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-09-21 18:32 . 2008-01-11 20:04 2467616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-21 18:32 . 2008-01-11 20:04 62496 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-13 2403568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Bryan Carpenter\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-5-9 1585233]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 01:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys [5/11/2008 3:06 PM 14531]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/26/2009 1:51 AM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/30/2008 10:58 AM 165456]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [4/26/2007 11:21 AM 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [4/26/2007 11:21 AM 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/30/2008 10:58 AM 17744]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 11:21 AM 1234480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/17/2007 8:38 PM 682232]
S2 gupdate1cac26c38a08682;Google Update Service (gupdate1cac26c38a08682);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:15 AM 133104]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\BRYANC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\BRYANC~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys --> c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [5/17/2007 9:18 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 12872]
S4 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\BRYANC~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe --> c:\docume~1\BRYANC~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://register.hp....e=EN&prodOS=011
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Bryan Carpenter\Application Data\Mozilla\Firefox\Profiles\5rb01o0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-AutoTBar - AUTOTBAR.EXE
SafeBoot-AVG Anti-Spyware Driver



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 20:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
C:\Updater.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-19 20:36:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 00:36
ComboFix2.txt 2008-01-13 07:04

Pre-Run: 27,525,050,368 bytes free
Post-Run: 27,388,465,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=15 Default=15 Failed=3 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 30401D116458118BC5C16A07D7F721D0

#3 Jerzmade

Jerzmade

    Member

  • Full Member
  • 66 posts

Posted 19 August 2010 - 07:51 PM

Ah geez, I hope I didn't ruin anything. But thank you for your heads up, I appreciate it. I ran ComboFix and idk if it did anything bad. Hopefully not.


Update:

Just tried loading up my Firefox again and I still seem to have a lagging Firefox with these scripts popping up. My computer is always up to date and always thoroughly cleaned with programs I got from here. Probably the first problem I can't overcome myself. Help is much appreciated to all. I'll wait around for the experts here when ya have time to take a look. Thanks guys, n gals.

Edited by Jerzmade, 20 August 2010 - 01:36 PM.


#4 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,484 posts

Posted 22 August 2010 - 07:13 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#5 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • 2,442 posts

Posted 27 August 2010 - 04:04 AM

Hello Jerzmade and welcome to SWI.

I'm lance_yien and will be helping you.

 Very Important!

:excl: Please do immediately:
  • Make sure you have read the forum FAQ.
  • In the upper right hand corner of the topic you will see a button called "Watch this topic", by clicking on this => "Immediate E-Mail notification" => "Proceed" you will be advised when we respond to your topic and facilitate the cleaning of your machine.
:excl: During this cleanup, please DO NOT run, install and/or uninstall any tools/programs other than those I suggest to you, because some programs can interfere with others and/or can cause problems to your system.

:excl: When you receive new instructions,
  • Please Read the whole message.
  • All our tools must be launched from the Desktop (unless otherwise specified). Please make sure to save them to your Desktop and check before running each program.
    To move a tool to your Desktop, right-click on it => "Cut". Right-click on your Desktop => "Paste".
  • Please disable ALL your protection programs (antivirus, firewall and antispyware); they may otherwise interfere with our tools. If you don't know how to do so, please see here and/or here.
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program I suggest. If you encounter problems please stop and tell me about it.
  • After posting your reply, please re-enable your antivirus and firewall programs.
:excl: When replying,
  • Please use the Add Reply button Posted Image. I do not need to see my previous instructions. Thank you!
  • Please copy and paste your logs into your post unless specifically asked to attach one:
    - Click "Edition" => "Select all".
    - Click "Edition" => "Copy".
    In your next reply, right-click => "Paste".
 

>>> Your log shows that you are running 3 antispyware programs:
Windows Defender
Grisoft\AVG Anti-Spyware 7.5
SUPERAntiSpyware


Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflicts.
This can reduce the effectiveness of each of your programs and may slow down your computer.


I recommend you keep ONLY ONE running and disable or uninstall the rest:
  • AVG Anti-Spyware is no longer available and I suggest you uninstall it by going to Start => Control Panel double-click on the Software icon => Add or Remove Programs. Select the program and click "Remove".
  • To disable SUPERAntiSpyware, please open the program and click "Preferences" and then uncheck the box "Start SUPERAntiSpyware when Windows starts".
  • To disable Windows Defender, please open the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.
    --

Please print out these instructions or copy them to a Notepad file for easier reading, and delete your copy of ComboFix (just right-click on it => "Delete").

>>> Download to your Desktop:
  • CCleaner (freeware) from here.
  • GooredFix by jpshortstuff from here or here.
  • Security Check by screen317 from here or here.
  • ComboFix© by sUBs from here or here.

>>> Run the CCleaner installer by double clicking ccsetup....exe, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner by clicking its icon on your Desktop or "Start" => "All programs" => "CCleaner".

The following should be selected by default, if not, please select:

Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.


>>> Please go to Start => Run. Type Notepad in the Open field and click OK.
Copy and paste the text present inside the quote box below:

Driver::
pciinfo
S3 fsbl
F-Secure BlackLight Sensor


Save this as CFScript.txt, in the same location as ComboFix.exe.
Please close any open browsers and disable all your Protection Programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
This will start ComboFix again.
After reboot, (in case it asks to reboot), it will produce a log for you.
Please reboot the computer (if ComboFix did not ask for a reboot) and post the Combofix log in your next reply.


>>> Please ensure all Firefox windows are closed and double click ( right-click) GooredFix.exe (and select Run As Administrator). Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Please copy and paste the contents of this log in your next reply.


>>> Please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document called checkup.txt should open automatically. Please copy and paste its contents into your next reply.


In your next reply, please include the following:
  • ComboFix.txt
  • GooredFix.exe
  • checkup.txt
Please let me know if you still have any problems (important for giving you the next instructions).

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#6 Jerzmade

Jerzmade

    Member

  • Full Member
  • 66 posts

Posted 27 August 2010 - 01:55 PM

Thank you very much for your help lance.

Ok so here's what I did: everything that you said.

I disabled Windows Defender, got rid of/uninstalled SUPERAntiSpyware, and left avast as my primary antivirus.

I ran CCleaner, ran ComboFix, ran GooredFix, and did the Security Check.

Here are my logs.

Combo fix:

ComboFix 10-08-26.04 - Bryan Carpenter 08/27/2010 14:06:54.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.335 [GMT -4:00]
Running from: c:\documents and settings\Bryan Carpenter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan Carpenter\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_F-SECURE_BLACKLIGHT_SENSOR
-------\Legacy_PCIINFO
-------\Service_F-Secure BlackLight Sensor
-------\Service_pciinfo


((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-24 00:19 . 2010-08-24 00:22 -------- d-----w- c:\program files\Security Task Manager
2010-08-23 20:37 . 2010-08-23 20:39 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\vlc
2010-08-23 20:35 . 2010-08-23 20:35 -------- d-----w- c:\program files\VideoLAN
2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\StreamTorrent
2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-08-10 20:04 . 2010-08-10 20:10 -------- d-----w- c:\documents and settings\Bryan Carpenter\Calibre Library
2010-08-10 20:03 . 2010-08-10 20:07 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\calibre
2010-08-10 19:59 . 2010-08-10 20:01 -------- d-----w- c:\program files\Calibre2
2010-08-07 02:06 . 2010-08-26 03:49 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\BitTorrent
2010-08-07 02:06 . 2010-08-25 19:01 -------- d-----w- c:\program files\BitTorrent
2010-08-04 20:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 20:31 . 2010-08-04 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 19:46 . 2010-08-04 20:19 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2010-07-30 15:47 . 2010-07-30 15:51 -------- d-----w- c:\program files\iTunes
2010-07-30 15:34 . 2010-07-30 15:34 -------- d-----w- c:\program files\Bonjour
2010-07-30 14:34 . 2010-08-27 18:06 -------- d-----w- c:\windows\system32\CatRoot2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 00:22 . 2009-04-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-18 17:52 . 2010-01-18 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 16:53 . 2007-12-13 23:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-09 16:57 . 2008-10-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-07 01:16 . 2005-04-29 12:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 01:10 . 2005-04-29 12:33 -------- d-----w- c:\program files\Java
2010-07-30 15:50 . 2005-04-29 13:02 -------- d-----w- c:\program files\iPod
2010-07-30 15:49 . 2009-05-26 02:59 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 21:02 . 2009-09-25 17:01 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\HpUpdate
2010-07-17 09:00 . 2010-05-14 02:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-08 04:35 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-01-14 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-01-14 00:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-06-30 14:58 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-01-14 00:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-01-14 00:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-01-14 00:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-06-30 14:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-01-14 00:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-09-21 18:32 . 2008-01-11 20:04 2467616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-21 18:32 . 2008-01-11 20:04 62496 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Bryan Carpenter\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-5-9 1585233]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 01:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys [5/11/2008 3:06 PM 14531]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/26/2009 1:51 AM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/30/2008 10:58 AM 165456]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [4/26/2007 11:21 AM 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [4/26/2007 11:21 AM 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/30/2008 10:58 AM 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/17/2007 8:38 PM 682232]
S2 gupdate1cac26c38a08682;Google Update Service (gupdate1cac26c38a08682);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:15 AM 133104]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 11:21 AM 1234480]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys --> c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [5/17/2007 9:18 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://register.hp....e=EN&prodOS=011
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Bryan Carpenter\Application Data\Mozilla\Firefox\Profiles\5rb01o0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(292)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
C:\Updater.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-27 14:38:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 18:38
ComboFix2.txt 2010-08-20 00:36
ComboFix3.txt 2008-01-13 07:04

Pre-Run: 26,164,387,840 bytes free
Post-Run: 26,087,612,416 bytes free

Current=15 Default=15 Failed=3 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - E96A007D8C1BDA856800520DA64ECA6B
.....................................................................................

Goored Fix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:46 on 27/08/2010 (Bryan Carpenter)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:16 19/03/2009]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [01:10 25/11/2008]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [02:09 13/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [02:16 01/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [17:43 10/06/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [02:48 05/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [01:28 04/11/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [02:14 14/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [01:13 07/08/2010]

C:\Documents and Settings\Bryan Carpenter\Application Data\Mozilla\Firefox\Profiles\5rb01o0t.default\extensions\
Access Privileges Test [19:34 31/12/2009]
firefox@tvunetworks.com [03:24 16/12/2009]
illimitux@illimitux.net [23:09 10/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [05:01 27/04/2010]
{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [11:23 20/10/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:19 12/03/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:13 14/05/2010]

-=E.O.F=-

....................................................................

Security Check:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Sunbelt Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


I won't do anything until you instruct me further. Thanks again, lance. You the man!!!

#7 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • 2,442 posts

Posted 28 August 2010 - 10:22 AM

Please print out these instructions or copy them to a Notepad file for easier reading.
Then, please go to Start => Run. Type Notepad in the Open field and click OK.
Copy and paste the text present inside the quote box below:

Driver::
fsbl

File::
c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\{20a82645-c095-46ed-80e3-08825760534b}


Save this as CFScript.txt, in the same location as ComboFix.exe.
Please close any open browsers and disable all your Protection Programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
This will start ComboFix again.
After reboot, (in case it asks to reboot), it will produce a log for you.
Please reboot the computer (if ComboFix did not ask for a reboot) and post the Combofix log in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • ComboFix.txt
Does that help for Firefox?
Do you still have any problems?


#8 Jerzmade

Jerzmade

    Member

  • Full Member
  • 66 posts

Posted 28 August 2010 - 01:23 PM

ComboFix 10-08-26.04 - Bryan Carpenter 08/28/2010 13:35:02.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.378 [GMT -4:00]
Running from: c:\documents and settings\Bryan Carpenter\Desktop\SWI Fix\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan Carpenter\Desktop\SWI Fix\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

FILE ::
"c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys"
"c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\{20a82645-c095-46ed-80e3-08825760534b}"
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-24 00:20 . 2010-08-24 00:20 1162 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_96AD698E399FE0445851BE91E7BF82F4.dll
2010-08-23 20:37 . 2010-08-23 20:39 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\vlc
2010-08-23 20:35 . 2010-08-23 20:35 -------- d-----w- c:\program files\VideoLAN
2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\StreamTorrent
2010-08-18 19:13 . 2010-08-18 19:13 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-08-10 20:04 . 2010-08-10 20:10 -------- d-----w- c:\documents and settings\Bryan Carpenter\Calibre Library
2010-08-10 20:03 . 2010-08-10 20:07 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\calibre
2010-08-10 19:59 . 2010-08-10 20:01 -------- d-----w- c:\program files\Calibre2
2010-08-07 02:06 . 2010-08-28 08:29 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\BitTorrent
2010-08-07 02:06 . 2010-08-27 19:07 -------- d-----w- c:\program files\BitTorrent
2010-08-07 01:14 . 2010-08-07 01:14 503808 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-64785042-n\msvcp71.dll
2010-08-07 01:14 . 2010-08-07 01:14 499712 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-64785042-n\jmc.dll
2010-08-07 01:14 . 2010-08-07 01:14 61440 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b4532ab-n\decora-sse.dll
2010-08-07 01:14 . 2010-08-07 01:14 348160 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-64785042-n\msvcr71.dll
2010-08-07 01:14 . 2010-08-07 01:14 12800 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b4532ab-n\decora-d3d.dll
2010-08-04 20:31 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-04 20:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 20:31 . 2010-08-04 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 19:46 . 2010-08-04 20:19 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2010-07-30 15:47 . 2010-07-30 15:51 -------- d-----w- c:\program files\iTunes
2010-07-30 15:34 . 2010-07-30 15:34 -------- d-----w- c:\program files\Bonjour
2010-07-30 15:30 . 2010-07-30 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-30 14:34 . 2010-08-28 17:34 -------- d-----w- c:\windows\system32\CatRoot2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 17:24 . 2009-04-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-28 04:40 . 2009-03-26 21:26 1 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-24 00:22 . 2010-08-24 00:19 -------- d-----w- c:\program files\Security Task Manager
2010-08-24 00:20 . 2010-08-24 00:19 1241 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3F0CDB91BF1534746B484E1E8AB75328.dll
2010-08-18 17:52 . 2010-01-18 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 16:53 . 2007-12-13 23:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-09 16:57 . 2008-10-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-07 01:16 . 2005-04-29 12:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 01:10 . 2005-04-29 12:33 -------- d-----w- c:\program files\Java
2010-07-30 15:50 . 2005-04-29 13:02 -------- d-----w- c:\program files\iPod
2010-07-30 15:49 . 2009-05-26 02:59 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 21:02 . 2009-09-25 17:01 -------- d-----w- c:\documents and settings\Bryan Carpenter\Application Data\HpUpdate
2010-07-17 09:00 . 2010-05-14 02:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-08 04:35 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-01-14 00:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-01-14 00:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-06-30 14:58 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-01-14 00:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-01-14 00:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-01-14 00:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-06-30 14:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-01-14 00:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 00:52 . 2010-06-25 00:52 50354 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Facebook\uninstall.exe
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Bryan Carpenter\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-09-21 18:32 . 2008-01-11 20:04 2467616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-21 18:32 . 2008-01-11 20:04 62496 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Bryan Carpenter\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-5-9 1585233]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 01:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys [5/11/2008 3:06 PM 14531]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/26/2009 1:51 AM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/30/2008 10:58 AM 165456]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [4/26/2007 11:21 AM 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [4/26/2007 11:21 AM 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/30/2008 10:58 AM 17744]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 11:21 AM 1234480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/17/2007 8:38 PM 682232]
S2 gupdate1cac26c38a08682;Google Update Service (gupdate1cac26c38a08682);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:15 AM 133104]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys --> c:\docume~1\BRYANC~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [5/17/2007 9:18 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 05:15]

2010-08-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://register.hp....e=EN&prodOS=011
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Bryan Carpenter\Application Data\Mozilla\Firefox\Profiles\5rb01o0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Bryan Carpenter\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 13:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-28 13:53:13
ComboFix-quarantined-files.txt 2010-08-28 17:53
ComboFix2.txt 2010-08-27 18:38
ComboFix3.txt 2010-08-20 00:36
ComboFix4.txt 2008-01-13 07:04

Pre-Run: 26,198,773,760 bytes free
Post-Run: 26,178,318,336 bytes free

Current=15 Default=15 Failed=3 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 6C9F7C6F35F083DB5C9EC81ADDC26DA6


-------------------------------------------------------------------------


It has cleaned up my Firefox for the most part. But I did get one unresponsive script error. Better than my usual one on every click of a page, though.

#9 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • PipPipPipPipPip
  • 2,442 posts

Posted 29 August 2010 - 05:12 AM

Please set your Windows to show hidden/system files and folders.

Please click Start and open My Computer.
On the Tools menu, click on Folder Options.
On the View tab, uncheck "Hide file extensions for known file types".
Uncheck "Hide protected operating system files (Recommended)" and click Yes on the warning message.
Under "Hidden files and folders", check "Show hidden files and folders".
Click Apply to All Folders.
Click OK and close My Computer.

Navigate and delete these files/ folders (in bold):
C:\Documents and Settings\Bryan Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\{20a82645-c095-46ed-80e3-08825760534b}

Note: If you get any problem, try in Safe Mode.

Now, please set your Windows to hide hidden/system files and folders since this is safer now that your system seems to be clean.

Please click Start and open My Computer.
On the Tools menu, click on Folder Options.
On the View tab, check "Hide file extensions for known file types".
Check "Hide protected operating system files (Recommended)". Under "Hidden files and folders", check "Do not show hidden files and folders".
Click Apply to All Folders.
Click OK and close My Computer.

Does that help?
EI | SWI | ZEBULON

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.
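The two paths in the post above are the ones ComboFix flagged in the log (the `S3 fsbl` driver entry and the `FF - HiddenExtension` line). An added example, not code from the thread or from any of the tools it mentions: a PowerShell snippet that reports whether those two leftovers are still on disk even when Explorer is hiding them, and whether the stale `fsbl` driver service is still registered. It assumes PowerShell is installed on the XP machine (it was not shipped with XP by default) and uses only the paths and the service name that appear in the log.

```powershell
# Added example (not from the thread): verify whether the two leftovers named
# in the post are still present, even when Explorer hides them.
# The paths and the service name "fsbl" are taken from the ComboFix log above.
$leftovers = @(
    'C:\Documents and Settings\Bryan Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys',
    'C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\{20a82645-c095-46ed-80e3-08825760534b}'
)

function Test-Leftover {
    param([string]$Path)
    # -Force makes Get-Item return hidden and system objects, which a plain
    # Get-Item or an Explorer listing skips while "show hidden files" is off.
    # -LiteralPath stops the braces in the GUID folder name being read as a wildcard.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        return New-Object PSObject -Property @{
            Path = $Path; Present = $false; Attributes = $null; LastWrite = $null
        }
    }
    New-Object PSObject -Property @{
        Path       = $Path
        Present    = $true
        # "Hidden, System" here explains why an Explorer search found nothing
        Attributes = $item.Attributes.ToString()
        LastWrite  = $item.LastWriteTime
    }
}

$leftovers | ForEach-Object { Test-Leftover $_ } |
    Format-List Path, Present, Attributes, LastWrite

# The log lists an S3 (manual start) driver service "fsbl" pointing at fsbldrv.sys.
# Report whether that registration still exists, so that removing the file does
# not leave a driver entry behind that points at nothing.
$drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='fsbl'" -ErrorAction SilentlyContinue
if ($drv) {
    "Driver service still registered: {0} -> {1} (state: {2}, start: {3})" -f `
        $drv.Name, $drv.PathName, $drv.State, $drv.StartMode
} else {
    'No driver service named fsbl is registered.'
}
```

Run it from an administrator account; the `Present = False` case for both paths is what you expect to see after the deletion step, and a `Present = True` with `Hidden, System` attributes is the usual reason a user reports "the file is not there" after looking in Explorer.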

#10 Jerzmade

Jerzmade

    Member

  • Full Member
  • Pip
  • 66 posts

Posted 29 August 2010 - 08:04 PM

I tried what you told me to do, but...

When I went to the temp folder there wasn't an online scanner anti-virus file, nor was there that Microsoft.NET file you told me to delete.

I made sure the boxes were unchecked and hit Apply to All Folders.

#11 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • PipPipPipPipPip
  • 2,442 posts

Posted 30 August 2010 - 12:55 AM

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller.

Select "Mozilla Firefox" and click the Uninstall button.

Please choose Advanced.

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so immediately.

Now, download and install the latest version of Firefox from here.

Any problems remaining?

#12 Jerzmade

Jerzmade

    Member

  • Full Member
  • Pip
  • 66 posts

Posted 02 September 2010 - 01:26 PM

I'm pretty sure that cleared all the unresponsive script errors; I haven't gotten one yet after a day and a half of use. Thanks man, this worked and you cleaned out my machine very nicely. I appreciate your help and if there's anything I can do to help out the site just let me know. I love this place.

#13 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • PipPipPipPipPip
  • 2,442 posts

Posted 03 September 2010 - 12:47 AM

Hi Jerzmade,

Good to know that your problem seems to have been fixed :thumbup:

I appreciate your help and if theres anything I can do to help out the site jus let me know. i love this place.

Please, see here for details. Thank you :)

>>> Tools removal:
  • Please remove ComboFix from your computer by going to Start => Run and type (or copy and paste) ComboFix /Uninstall in the runbox. Click OK (make sure to leave a space between ComboFix and /Uninstall).
    It will remove all its files/ folders and reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.
  • Please delete any other files/folders of our tools (right-click => "Delete").

>>> Protect your computer:
  • Enable Automatic Updates for your Windows under Start => Control Panel => Automatic Updates. These updates address known issues and will strengthen your protection against known security threats. Without these updates I can almost guarantee that you will get infected again.
  • Back up your Registry with ERUNT. It can help you especially if System Restore is disabled by malware or corrupted for some reason.
  • Make sure your programs are up to date - because older versions may contain Security Leaks.
    To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
  • Please, note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewa...nti-spyware.htm
  • Nowadays, most malware is developed only to steal personal information and/or various passwords. I recommend you change all your passwords - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).

>>> Finally, I highly recommend you read:

Hopefully this should take care of your problems!

Safe surfing! :)

#14 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • PipPipPipPipPip
  • 2,442 posts

Posted 06 September 2010 - 05:25 AM

Since the issue appears to be resolved, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.