
Dealing with VBS:ExeDropper-gen



cyberson
2010-08-04, 17:46
Hello,

I have a severe virus on my PC. I have run AVG, Malwarebytes, Spybot, and Avast (on Boot Scan). I have found the same virus over and over.

VBS:ExeDropper-gen (Trj)
Win32/Z.bot.A

Need to get this off of my computer pronto!

Please help...

Some of the symptoms

**Browser redirect
**Cannot access Firefox or do certain functions in IE
**Missing desktop shortcuts
**Cannot open files that I opened before

There might be more than just that virus.

Here is the DDS log.
I have also provided the attach.zip

Thank You


DDS (Ver_10-03-17.01) - NTFSx86
Run by Same Cane at 10:24:04.09 on Wed 08/04/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.985 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SoftwareDistribution\Download\a37ea2d49e8a7659886ac76c226cad7d\update\update.exe
C:\Documents and Settings\Same Cane\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/downloads/download.aspx?c=us&l=en&s=gen&releaseid=R130051&SystemID=DIMENSION%205150/E510&os=WW1&osl=en&deviceid=10373&devlib=0&typecnt=1&vercnt=2&formatcnt=1&libid=32&fileid=173334&appindex=ds
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.exe ,c:\windows\system32\userinlt.exe,c:\program files\microsoft\desktoplayer.exe,
BHO: rsion - No File
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {d0025934-45ed-c023-0570-ccd5fe5b4cff} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4A7AE0E8-B158-65FC-94C1-73BF7C86022F}] "c:\documents and settings\same cane\application data\oruc\zacyc.exe"
uRun: [a256fb97-162a-4558-be23-08ae4bbcb195_46] rundll32.exe "c:\documents and settings\same cane\application data\a256fb97-162a-4558-be23-08ae4bbcb195_46.avi", start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\sameca~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {066040F0-5018-4E15-8AA0-81D36136D989}
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168065754156
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204692064375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sameca~1\applic~1\mozilla\firefox\profiles\lpwshgds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
S0 dcdzvo;dcdzvo;c:\windows\system32\drivers\dcdzvo.sys [2010-7-24 0]
S0 uhxp;uhxp;c:\windows\system32\drivers\slvl.sys --> c:\windows\system32\drivers\slvl.sys [?]
S1 nneslhrv;nneslhrv;\??\c:\windows\system32\drivers\nneslhrv.sys --> c:\windows\system32\drivers\nneslhrv.sys [?]
S2 gupdate1c9cb7829016c2a;Google Update Service (gupdate1c9cb7829016c2a);c:\program files\google\update\GoogleUpdate.exe [2009-5-2 133104]
S2 McDetect.exe;McDetect.exe; [x]
S2 McTskshd.exe;McTskshd.exe; [x]
S3 mcupdmgr.exe;mcupdmgr.exe; [x]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-9-25 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-9-25 19584]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-9-25 7548]

=============== Created Last 30 ================

2010-08-04 13:21:17 1355 ----a-w- c:\windows\imsins.BAK
2010-08-04 01:17:59 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-08-04 01:16:57 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-08-04 01:15:48 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-08-04 01:12:59 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-08-04 00:45:28 10559 ----a-r- c:\windows\SET9F.tmp
2010-08-04 00:45:27 22339 ----a-r- c:\windows\SET9E.tmp
2010-08-04 00:45:24 13753 ----a-r- c:\windows\SET67.tmp
2010-08-04 00:45:19 1086058 ----a-r- c:\windows\SET58.tmp
2010-08-04 00:45:17 1042903 ----a-r- c:\windows\SET55.tmp
2010-08-04 00:09:55 22339 ----a-r- c:\windows\SET9A.tmp
2010-08-04 00:09:55 10559 ----a-r- c:\windows\SET9B.tmp
2010-08-04 00:09:51 13753 ----a-r- c:\windows\SET66.tmp
2010-08-04 00:09:48 1086058 ----a-r- c:\windows\SET57.tmp
2010-08-04 00:09:46 1042903 ----a-r- c:\windows\SET54.tmp
2010-08-03 23:42:57 1086058 ----a-r- c:\windows\SET9C.tmp
2010-08-03 23:42:54 1042903 ----a-r- c:\windows\SET99.tmp
2010-08-03 18:45:42 38848 ----a-w- c:\windows\avastSS.scr
2010-08-03 18:45:17 0 dc----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-03 18:22:32 365 ----a-w- c:\documents and settings\same cane\Shortcut to Same Cane's Documents.lnk
2010-08-03 17:13:17 0 d-----w- c:\docume~1\sameca~1\applic~1\Oruc
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Leuvlo
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Itka
2010-08-03 08:54:44 0 d-----w- c:\docume~1\sameca~1\applic~1\Pouwsi
2010-08-03 05:05:45 0 d-----w- c:\docume~1\sameca~1\applic~1\Tuiw
2010-08-03 04:22:58 0 d-----w- c:\docume~1\sameca~1\applic~1\Elxii
2010-08-03 03:46:09 0 d-----w- c:\docume~1\sameca~1\applic~1\AceBIT
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AT&T
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AOL
2010-08-03 03:45:18 0 d-----w- c:\docume~1\sameca~1\applic~1\BellSouth
2010-08-03 03:45:12 0 d-----w- c:\docume~1\sameca~1\applic~1\Corel Photo Album
2010-08-03 03:45:11 0 d-----w- c:\docume~1\sameca~1\applic~1\GetRightToGo
2010-08-03 03:44:48 0 d-----w- c:\docume~1\sameca~1\applic~1\Icolvu
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\iolo
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\IEPro
2010-08-03 03:44:44 0 d-----w- c:\docume~1\sameca~1\applic~1\KompoZer
2010-08-03 03:44:37 0 d-----w- c:\docume~1\sameca~1\applic~1\Malwarebytes
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\uTorrent
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\Uniblue
2010-08-03 03:44:13 0 d-----w- c:\docume~1\sameca~1\applic~1\Windows Desktop Search
2010-08-02 02:55:39 0 d-----w- c:\windows\system32\CatRoot_bak
2010-08-02 01:30:59 1902 ----a-w- c:\windows\system32\SetupBD.din
2010-08-02 01:29:34 0 dc----w- C:\drvrtmp
2010-08-01 20:15:12 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-08-01 19:25:50 0 d--h--w- c:\program files\WindowsUpdate
2010-08-01 19:25:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-01 18:53:52 10559 ----a-r- c:\windows\SET92.tmp
2010-08-01 18:53:51 22339 ----a-r- c:\windows\SET91.tmp
2010-08-01 18:53:44 13753 ----a-r- c:\windows\SET5C.tmp
2010-08-01 18:53:38 1086058 ----a-r- c:\windows\SET50.tmp
2010-08-01 18:53:35 1042903 ----a-r- c:\windows\SET4D.tmp
2010-08-01 17:56:33 10559 ----a-r- c:\windows\SET90.tmp
2010-08-01 17:56:31 22339 ----a-r- c:\windows\SET8F.tmp
2010-08-01 17:56:24 13753 ----a-r- c:\windows\SET5B.tmp
2010-08-01 17:56:16 1086058 ----a-r- c:\windows\SET4F.tmp
2010-08-01 17:56:12 1042903 ----a-r- c:\windows\SET4C.tmp
2010-08-01 16:50:34 10559 ----a-r- c:\windows\SET8E.tmp
2010-08-01 16:50:33 22339 ----a-r- c:\windows\SET8D.tmp
2010-08-01 16:50:29 13753 ----a-r- c:\windows\SET5A.tmp
2010-08-01 16:50:25 1086058 ----a-r- c:\windows\SET4E.tmp
2010-08-01 16:50:22 1042903 ----a-r- c:\windows\SET4B.tmp
2010-08-01 15:44:07 0 d-----w- c:\program files\common files\ODBC
2010-08-01 15:43:40 22339 ----a-r- c:\windows\SET108.tmp
2010-08-01 15:43:40 10559 ----a-r- c:\windows\SET109.tmp
2010-08-01 15:43:30 13753 ----a-r- c:\windows\SETD5.tmp
2010-08-01 15:43:25 1086058 ----a-r- c:\windows\SETC9.tmp
2010-08-01 15:43:23 1042903 ----a-r- c:\windows\SETC6.tmp
2010-07-30 06:31:30 0 d-----w- c:\program files\Windows Live SkyDrive
2010-07-30 06:27:47 0 d-----w- c:\program files\common files\Windows Live
2010-07-29 00:43:34 0 d-----w- c:\program files\Bonjour
2010-07-27 05:06:40 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-27 05:06:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 03:16:02 207734 ----a-w- c:\windows\setupapi.old
2010-07-27 00:32:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 00:32:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 00:32:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-27 00:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 17:54:05 0 d-----w- c:\program files\riva
2010-07-26 17:53:53 0 d-----w- c:\program files\Microsoft
2010-07-25 14:00:45 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-25 14:00:45 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-25 14:00:42 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-07-24 23:34:51 0 ----a-w- c:\windows\system32\drivers\dcdzvo.sys
2010-07-24 23:34:42 190 --s-a-w- c:\windows\system32\1320402504.dat
2010-07-24 19:25:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-23 20:35:58 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-23 20:35:58 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-23 20:35:58 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-23 14:39:10 0 d-----w- c:\program files\AVG
2010-07-23 14:39:09 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-23 03:59:13 0 d-----w- c:\windows\All Users
2010-07-21 17:39:53 0 d-----w- c:\program files\Free Window Registry Repair

==================== Find3M ====================

2010-08-04 01:11:51 22800 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-03 15:07:40 126568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-13 23:13:18 5330 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-04-08 02:07:36 66269 -c--a-w- c:\program files\INSTALL.LOG
2009-08-03 00:34:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080220090803\index.dat

============= FINISH: 10:27:24.31 ===============

Jack&Jill
2010-08-09, 17:53
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Jack&Jill
2010-08-12, 19:09
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.