Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

DCOM exploit constant attacks

  • 20-03-2010 2:35pm
    #1
    Site Banned Posts: 5,676 ✭✭✭


    Hi,
    evey few minutes emmingly my avast gives me notice that it has blocked a "DCOM exploit".
    This is becoming very annoying as it keeps popping up.
    This is on my desktop only - my laptop which shares the same connection does not suffer this problem.

    Could anyone know how I might get this stopped?
    Thanks.


Comments

  • Registered Users Posts: 1,275 ✭✭✭endasmail


    am getting the same on my laptop
    would also appreciate some help on the matter


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    enda make your own topic for it, be easier then


    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.


    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


  • Site Banned Posts: 5,676 ✭✭✭jayteecork


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by John at 12:52:11.68 on 22/03/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3070.1800 [GMT 0:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Users\John\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    C:\Program Files\PokerStars\PokerStars.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\John\Desktop\dds.com
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/03/2009 06:17:34
    System Uptime: 22/03/2010 08:37:08 (4 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 74.496 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.1
    Age of Conan - Hyborian Adventures
    Aliens versus Predator Classic 2000
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    AVI Splitter
    Betfair Poker
    Bodog Poker
    Bonjour
    Borderlands
    Boylepoker
    Cake Poker
    ConvertXtoDVD 3.5.2.137
    Crysis WARHEAD(R)
    Crysis(R)
    Diablo II
    Doom 3
    Dragon Age: Origins
    Dungeon Fighter Online
    DVD Suite
    Everest Poker (Remove Only)
    Fraps
    Full Tilt Poker
    Futuremark SystemInfo
    Google Chrome
    Holdem Manager
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 4.9.0 (Basic)
    LG ODD Auto Firmware Update
    Megaupload Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mkv2vob
    MobileMe Control Panel
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Pacific Poker
    Pando Media Booster
    PartyPoker
    PC Connectivity Solution
    Peggle Deluxe 1.0
    PhotoRazor
    PKR
    Poker Tracker Version 2.17.03j
    PokerStars
    PostgreSQL 8.3
    PowerDVD
    PowerProducer
    PunkBuster Services
    QuickTime
    Real Alternative 1.9.0
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
    Samsung Master
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    SAMSUNG Mobile Modem V2 Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Download Driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    SAMSUNG SYMBIAN USB Download Driver
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    Screwball Demo v1.0
    SolveigMM AVI Trimmer
    SopCast 3.0.3
    Stan James
    Steam
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Tales of Monkey Island - Launch of the Screaming Narwhal
    TeamSpeak 2 RC2
    The Lord of the Rings Online™: Shadows of Angmar™ v01.08.00.812
    The Witcher Enhanced Edition
    Trials 2 Second Edition v1.08
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.0.5
    VobSub v2.23 (Remove Only)
    Vuze
    Vuze Toolbar
    Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    World of Warcraft
    Xfire (remove only)
    Xobni
    Xobni Core

    ==== End Of File ===========================


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you post DDS.txt again seems some of it is missing


  • Site Banned Posts: 5,676 ✭✭✭jayteecork


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by John at 12:52:11.68 on 22/03/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3070.1800 [GMT 0:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Users\John\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    C:\Program Files\PokerStars\PokerStars.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\John\Desktop\dds.com
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [POEngine5]
    uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NPSStartup]
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: {E7032F56-78EB-4FA9-9BDC-AFEDBEA895FE} = 62.40.32.33 8.8.8.8
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\3d1r9i9h.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\john\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-24 162640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-20 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-20 234888]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-24 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-24 51792]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-10 233472]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-2-21 240232]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-7 46824]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-10 36608]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-25 25832]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-17 21504]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-11-15 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-11-15 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-11-15 121856]

    =============== Created Last 30 ================

    2010-03-11 17:10:27 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-03-11 17:08:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-11 17:08:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-11 17:08:17 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-03-03 14:14:16 7773 ----a-w- c:\windows\system32\nvinfo.pb
    2010-03-03 14:14:16 68200 ----a-w- c:\windows\system32\OpenCL.dll
    2010-03-03 14:14:16 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-03-03 14:14:16 11570120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-03-03 14:14:16 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-03-03 14:14:14 4029544 ----a-w- c:\windows\system32\nvcuda.dll
    2010-03-03 14:14:14 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-03-03 14:14:14 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-03-03 14:14:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-03-03 14:14:12 215656 ----a-w- c:\windows\system32\nvcod196.dll
    2010-03-03 14:14:12 215656 ----a-w- c:\windows\system32\nvcod.dll
    2010-03-03 14:14:12 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-03-01 13:00:13 87552 ----a-w- C:\BootSect.exe
    2010-03-01 12:29:00 0 d
    w- C:\pebuilder
    2010-03-01 12:00:09 0 d
    w- C:\usb_prep8
    2010-03-01 12:00:09 0 d
    w- C:\bootsect
    2010-03-01 10:51:31 0 d
    w- C:\Xp
    2010-02-27 11:41:34 0 d
    w- c:\program files\Bodog Poker
    2010-02-24 06:05:59 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-02-24 06:04:57 0 d
    w- c:\programdata\Alwil Software
    2010-02-24 04:12:09 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-24 04:11:44 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-24 04:11:44 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-02-24 04:11:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-24 04:11:42 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-24 04:11:42 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-24 04:11:42 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-24 04:11:42 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-02-24 04:11:42 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-24 04:11:42 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-24 04:11:38 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-02-24 04:11:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-24 04:11:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-02-21 23:26:02 66714 ----a-w- c:\windows\system32\NvwsApps.xml
    2010-02-21 23:26:02 275946 ----a-w- c:\windows\system32\NvApps.xml
    2010-02-21 23:26:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
    2010-02-21 23:26:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
    2010-02-21 23:26:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-02-21 23:26:00 110696 ----a-w- c:\windows\system32\nvmctray.dll

    ==================== Find3M ====================

    2010-03-22 08:37:44 34805 ----a-w- c:\programdata\nvModes.dat
    2010-03-03 14:15:29 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-03-03 14:15:29 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-03-03 14:15:27 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-02-24 10:16:06 181632
    w- c:\windows\system32\MpSigStub.exe
    2010-02-22 05:18:39 9386088 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-02-22 05:18:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-02-22 05:18:39 1296488 ----a-w- c:\windows\system32\nvapi.dll
    2010-02-10 12:41:46 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-01-31 07:48:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod189.dll
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-24 20:13:57 319456 ----a-w- c:\windows\DIFxAPI.dll
    2009-12-24 20:05:46 16608 ----a-w- c:\windows\gdrv.sys
    2009-10-28 21:48:37 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-03-17 07:49:57 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-07-08 06:59:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-07-08 06:59:44 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-07-08 06:59:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-07-08 06:59:44 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 12:52:51.88 ===============


  • Advertisement
  • Site Banned Posts: 5,676 ✭✭✭jayteecork


    also, the file from gmer here:


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    hi

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      c:\windows\system32\browserchoice.exe
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [CREATERESTOREPOINT]
      [EMPTYFLASH]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Site Banned Posts: 5,676 ✭✭✭jayteecork


    OTM crashed when I tried it.

    This is what I got from combofix:


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    delete this file

    c:\windows\system32\browserchoice.exe



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean





    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      [*]Click on My Computer under Scan.
      [*]Once the scan is complete, it will display the results. Click on View Scan Report.
      [*]You will see a list of infected items there. Click on Save Report As....
      [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    5. Site Banned Posts: 5,676 ✭✭✭jayteecork


      ASJ112 wrote: »
      delete this file

      c:\windows\system32\browserchoice.exe



      How to delete?

      Even though I am admin it says i need permission to delete file.


    6. Advertisement
    7. Site Banned Posts: 1,167 ✭✭✭ASJ112


      boot into safe mode and delete the file

      do the other steps if you cant


    Advertisement