
Thread: Dealing with VBS:ExeDropper-gen

  1. #1
    Junior Member
    Join Date
    Aug 2010
    Posts
    1

Dealing with VBS:ExeDropper-gen

    Hello,

I have a severe virus on my PC. I have run AVG, Malwarebytes, Spybot, and Avast (boot scan). I have found the same virus over and over.

    VBS:ExeDropper-gen (Trj)
    Win32/Z.bot.A

    Need to get this off of my computer pronto!

    Please help...

Some of the symptoms:

    **Browser redirects
    **Cannot access Firefox or perform certain functions in IE
    **Missing desktop shortcuts
    **Cannot open files that I opened before

There might be more than just that virus.

    Here is the DDS log.
    I have also provided the attach.zip.

    Thank You

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Same Cane at 10:24:04.09 on Wed 08/04/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.985 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Alwil Software\Avast5\setup\avast.setup
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\SoftwareDistribution\Download\a37ea2d49e8a7659886ac76c226cad7d\update\update.exe
    C:\Documents and Settings\Same Cane\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/downloads/download.aspx?c=us&l=en&s=gen&releaseid=R130051&SystemID=DIMENSION%205150/E510&os=WW1&osl=en&deviceid=10373&devlib=0&typecnt=1&vercnt=2&formatcnt=1&libid=32&fileid=173334&appindex=ds
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.exe ,c:\windows\system32\userinlt.exe,c:\program files\microsoft\desktoplayer.exe,
    BHO: rsion - No File
    BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: {d0025934-45ed-c023-0570-ccd5fe5b4cff} - No File
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
    BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
    TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [{4A7AE0E8-B158-65FC-94C1-73BF7C86022F}] "c:\documents and settings\same cane\application data\oruc\zacyc.exe"
    uRun: [a256fb97-162a-4558-be23-08ae4bbcb195_46] rundll32.exe "c:\documents and settings\same cane\application data\a256fb97-162a-4558-be23-08ae4bbcb195_46.avi", start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    StartupFolder: c:\docume~1\sameca~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {066040F0-5018-4E15-8AA0-81D36136D989}
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
    DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168065754156
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204692064375
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
    DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli scecli scecli scecli scecli
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\sameca~1\applic~1\mozilla\firefox\profiles\lpwshgds.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    S0 dcdzvo;dcdzvo;c:\windows\system32\drivers\dcdzvo.sys [2010-7-24 0]
    S0 uhxp;uhxp;c:\windows\system32\drivers\slvl.sys --> c:\windows\system32\drivers\slvl.sys [?]
    S1 nneslhrv;nneslhrv;\??\c:\windows\system32\drivers\nneslhrv.sys --> c:\windows\system32\drivers\nneslhrv.sys [?]
    S2 gupdate1c9cb7829016c2a;Google Update Service (gupdate1c9cb7829016c2a);c:\program files\google\update\GoogleUpdate.exe [2009-5-2 133104]
    S2 McDetect.exe;McDetect.exe; [x]
    S2 McTskshd.exe;McTskshd.exe; [x]
    S3 mcupdmgr.exe;mcupdmgr.exe; [x]
    S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-9-25 56576]
    S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-9-25 19584]
    S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-9-25 7548]

    =============== Created Last 30 ================

    2010-08-04 13:21:17 1355 ----a-w- c:\windows\imsins.BAK
    2010-08-04 01:17:59 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
    2010-08-04 01:16:57 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
    2010-08-04 01:15:48 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-08-04 01:12:59 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
    2010-08-04 01:12:52 749 ---ha-r- c:\windows\WindowsShell.Manifest
    2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
    2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
    2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
    2010-08-04 00:45:28 10559 ----a-r- c:\windows\SET9F.tmp
    2010-08-04 00:45:27 22339 ----a-r- c:\windows\SET9E.tmp
    2010-08-04 00:45:24 13753 ----a-r- c:\windows\SET67.tmp
    2010-08-04 00:45:19 1086058 ----a-r- c:\windows\SET58.tmp
    2010-08-04 00:45:17 1042903 ----a-r- c:\windows\SET55.tmp
    2010-08-04 00:09:55 22339 ----a-r- c:\windows\SET9A.tmp
    2010-08-04 00:09:55 10559 ----a-r- c:\windows\SET9B.tmp
    2010-08-04 00:09:51 13753 ----a-r- c:\windows\SET66.tmp
    2010-08-04 00:09:48 1086058 ----a-r- c:\windows\SET57.tmp
    2010-08-04 00:09:46 1042903 ----a-r- c:\windows\SET54.tmp
    2010-08-03 23:42:57 1086058 ----a-r- c:\windows\SET9C.tmp
    2010-08-03 23:42:54 1042903 ----a-r- c:\windows\SET99.tmp
    2010-08-03 18:45:42 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-03 18:45:17 0 dc----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-08-03 18:22:32 365 ----a-w- c:\documents and settings\same cane\Shortcut to Same Cane's Documents.lnk
    2010-08-03 17:13:17 0 d-----w- c:\docume~1\sameca~1\applic~1\Oruc
    2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Leuvlo
    2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Itka
    2010-08-03 08:54:44 0 d-----w- c:\docume~1\sameca~1\applic~1\Pouwsi
    2010-08-03 05:05:45 0 d-----w- c:\docume~1\sameca~1\applic~1\Tuiw
    2010-08-03 04:22:58 0 d-----w- c:\docume~1\sameca~1\applic~1\Elxii
    2010-08-03 03:46:09 0 d-----w- c:\docume~1\sameca~1\applic~1\AceBIT
    2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AT&T
    2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AOL
    2010-08-03 03:45:18 0 d-----w- c:\docume~1\sameca~1\applic~1\BellSouth
    2010-08-03 03:45:12 0 d-----w- c:\docume~1\sameca~1\applic~1\Corel Photo Album
    2010-08-03 03:45:11 0 d-----w- c:\docume~1\sameca~1\applic~1\GetRightToGo
    2010-08-03 03:44:48 0 d-----w- c:\docume~1\sameca~1\applic~1\Icolvu
    2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\iolo
    2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\IEPro
    2010-08-03 03:44:44 0 d-----w- c:\docume~1\sameca~1\applic~1\KompoZer
    2010-08-03 03:44:37 0 d-----w- c:\docume~1\sameca~1\applic~1\Malwarebytes
    2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\uTorrent
    2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\Uniblue
    2010-08-03 03:44:13 0 d-----w- c:\docume~1\sameca~1\applic~1\Windows Desktop Search
    2010-08-02 02:55:39 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-08-02 01:30:59 1902 ----a-w- c:\windows\system32\SetupBD.din
    2010-08-02 01:29:34 0 dc----w- C:\drvrtmp
    2010-08-01 20:15:12 135168 ----a-w- c:\windows\system32\igfxres.dll
    2010-08-01 19:25:50 0 d--h--w- c:\program files\WindowsUpdate
    2010-08-01 19:25:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-08-01 18:53:52 10559 ----a-r- c:\windows\SET92.tmp
    2010-08-01 18:53:51 22339 ----a-r- c:\windows\SET91.tmp
    2010-08-01 18:53:44 13753 ----a-r- c:\windows\SET5C.tmp
    2010-08-01 18:53:38 1086058 ----a-r- c:\windows\SET50.tmp
    2010-08-01 18:53:35 1042903 ----a-r- c:\windows\SET4D.tmp
    2010-08-01 17:56:33 10559 ----a-r- c:\windows\SET90.tmp
    2010-08-01 17:56:31 22339 ----a-r- c:\windows\SET8F.tmp
    2010-08-01 17:56:24 13753 ----a-r- c:\windows\SET5B.tmp
    2010-08-01 17:56:16 1086058 ----a-r- c:\windows\SET4F.tmp
    2010-08-01 17:56:12 1042903 ----a-r- c:\windows\SET4C.tmp
    2010-08-01 16:50:34 10559 ----a-r- c:\windows\SET8E.tmp
    2010-08-01 16:50:33 22339 ----a-r- c:\windows\SET8D.tmp
    2010-08-01 16:50:29 13753 ----a-r- c:\windows\SET5A.tmp
    2010-08-01 16:50:25 1086058 ----a-r- c:\windows\SET4E.tmp
    2010-08-01 16:50:22 1042903 ----a-r- c:\windows\SET4B.tmp
    2010-08-01 15:44:07 0 d-----w- c:\program files\common files\ODBC
    2010-08-01 15:43:40 22339 ----a-r- c:\windows\SET108.tmp
    2010-08-01 15:43:40 10559 ----a-r- c:\windows\SET109.tmp
    2010-08-01 15:43:30 13753 ----a-r- c:\windows\SETD5.tmp
    2010-08-01 15:43:25 1086058 ----a-r- c:\windows\SETC9.tmp
    2010-08-01 15:43:23 1042903 ----a-r- c:\windows\SETC6.tmp
    2010-07-30 06:31:30 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-07-30 06:27:47 0 d-----w- c:\program files\common files\Windows Live
    2010-07-29 00:43:34 0 d-----w- c:\program files\Bonjour
    2010-07-27 05:06:40 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-27 05:06:40 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-27 03:16:02 207734 ----a-w- c:\windows\setupapi.old
    2010-07-27 00:32:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-27 00:32:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-27 00:32:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-27 00:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-26 17:54:05 0 d-----w- c:\program files\riva
    2010-07-26 17:53:53 0 d-----w- c:\program files\Microsoft
    2010-07-25 14:00:45 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
    2010-07-25 14:00:45 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-07-25 14:00:42 133616 ----a-w- c:\windows\system32\pxafs.dll
    2010-07-24 23:34:51 0 ----a-w- c:\windows\system32\drivers\dcdzvo.sys
    2010-07-24 23:34:42 190 --s-a-w- c:\windows\system32\1320402504.dat
    2010-07-24 19:25:30 0 d-----w- c:\program files\common files\Macrovision Shared
    2010-07-23 20:35:58 53248 ----a-w- c:\windows\system32\Process.exe
    2010-07-23 20:35:58 288417 ----a-w- c:\windows\system32\SrchSTS.exe
    2010-07-23 20:35:58 135168 ----a-w- c:\windows\system32\swreg.exe
    2010-07-23 14:39:10 0 d-----w- c:\program files\AVG
    2010-07-23 14:39:09 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-07-23 03:59:13 0 d-----w- c:\windows\All Users
    2010-07-21 17:39:53 0 d-----w- c:\program files\Free Window Registry Repair

    ==================== Find3M ====================

    2010-08-04 01:11:51 22800 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-08-03 15:07:40 126568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-07-13 23:13:18 5330 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-04-08 02:07:36 66269 -c--a-w- c:\program files\INSTALL.LOG
    2009-08-03 00:34:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080220090803\index.dat

    ============= FINISH: 10:27:24.31 ===============

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725


    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725


    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
