Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
Thread Tools Search this Thread
20-03-2010, 14:35   #1
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
DCOM exploit constant attacks

Hi,
evey few minutes emmingly my avast gives me notice that it has blocked a "DCOM exploit".
This is becoming very annoying as it keeps popping up.
This is on my desktop only - my laptop which shares the same connection does not suffer this problem.

Could anyone know how I might get this stopped?
Thanks.
jayteecork is offline  
Advertisement
21-03-2010, 18:32   #2
endasmail
Registered User
 
endasmail's Avatar
 
Join Date: Nov 2008
Location: royal county
Posts: 1,140
am getting the same on my laptop
would also appreciate some help on the matter
endasmail is offline  
21-03-2010, 21:32   #3
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
enda make your own topic for it, be easier then


Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txts will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
ASJ112 is offline  
Thanks from:
22-03-2010, 14:56   #4
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 12:52:11.68 on 22/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3070.1800 [GMT 0:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\John\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/03/2009 06:17:34
System Uptime: 22/03/2010 08:37:08 (4 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 74.496 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Age of Conan - Hyborian Adventures
Aliens versus Predator Classic 2000
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVI Splitter
Betfair Poker
Bodog Poker
Bonjour
Borderlands
Boylepoker
Cake Poker
ConvertXtoDVD 3.5.2.137
Crysis WARHEAD(R)
Crysis(R)
Diablo II
Doom 3
Dragon Age: Origins
Dungeon Fighter Online
DVD Suite
Everest Poker (Remove Only)
Fraps
Full Tilt Poker
Futuremark SystemInfo
Google Chrome
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 18
K-Lite Codec Pack 4.9.0 (Basic)
LG ODD Auto Firmware Update
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mkv2vob
MobileMe Control Panel
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Pacific Poker
Pando Media Booster
PartyPoker
PC Connectivity Solution
Peggle Deluxe 1.0
PhotoRazor
PKR
Poker Tracker Version 2.17.03j
PokerStars
PostgreSQL 8.3
PowerDVD
PowerProducer
PunkBuster Services
QuickTime
Real Alternative 1.9.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Samsung Master
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Screwball Demo v1.0
SolveigMM AVI Trimmer
SopCast 3.0.3
Stan James
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
Tales of Monkey Island - Launch of the Screaming Narwhal
TeamSpeak 2 RC2
The Lord of the Rings Online™: Shadows of Angmar™ v01.08.00.812
The Witcher Enhanced Edition
Trials 2 Second Edition v1.08
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.5
VobSub v2.23 (Remove Only)
Vuze
Vuze Toolbar
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
Xfire (remove only)
Xobni
Xobni Core

==== End Of File ===========================
jayteecork is offline  
22-03-2010, 17:50   #5
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
can you post DDS.txt again seems some of it is missing
ASJ112 is offline  
Advertisement
22-03-2010, 23:02   #6
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 12:52:11.68 on 22/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3070.1800 [GMT 0:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\John\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [POEngine5]
uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {E7032F56-78EB-4FA9-9BDC-AFEDBEA895FE} = 62.40.32.33 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\3d1r9i9h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\john\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-24 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-20 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-20 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-24 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-24 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-10 233472]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-2-21 240232]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-7 46824]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-10 36608]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-25 25832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-17 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-11-15 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-11-15 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-11-15 121856]

=============== Created Last 30 ================

2010-03-11 17:10:27 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-11 17:08:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 17:08:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 17:08:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-05 00:11:22 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-03 14:14:16 7773 ----a-w- c:\windows\system32\nvinfo.pb
2010-03-03 14:14:16 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-03 14:14:16 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-03-03 14:14:16 11570120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-03-03 14:14:16 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-03-03 14:14:14 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-03 14:14:14 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-03 14:14:14 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-03 14:14:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-03-03 14:14:12 215656 ----a-w- c:\windows\system32\nvcod196.dll
2010-03-03 14:14:12 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-03 14:14:12 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-01 13:00:13 87552 ----a-w- C:\BootSect.exe
2010-03-01 12:29:00 0 d-----w- C:\pebuilder
2010-03-01 12:00:09 0 d-----w- C:\usb_prep8
2010-03-01 12:00:09 0 d-----w- C:\bootsect
2010-03-01 10:51:31 0 d-----w- C:\Xp
2010-02-27 11:41:34 0 d-----w- c:\program files\Bodog Poker
2010-02-24 06:05:59 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-24 06:04:57 0 d-----w- c:\programdata\Alwil Software
2010-02-24 04:12:09 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 04:11:44 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:11:44 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:11:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:11:42 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:11:42 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:11:42 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:11:42 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:11:42 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:11:42 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 04:11:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 04:11:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 04:11:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-21 23:26:02 66714 ----a-w- c:\windows\system32\NvwsApps.xml
2010-02-21 23:26:02 275946 ----a-w- c:\windows\system32\NvApps.xml
2010-02-21 23:26:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-02-21 23:26:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-02-21 23:26:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-02-21 23:26:00 110696 ----a-w- c:\windows\system32\nvmctray.dll

==================== Find3M ====================

2010-03-22 08:37:44 34805 ----a-w- c:\programdata\nvModes.dat
2010-03-03 14:15:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-03 14:15:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-03 14:15:27 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 05:18:39 9386088 ----a-w- c:\windows\system32\nvd3dum.dll
2010-02-22 05:18:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-02-22 05:18:39 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-02-10 12:41:46 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-31 07:48:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-24 20:13:57 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-24 20:05:46 16608 ----a-w- c:\windows\gdrv.sys
2009-10-28 21:48:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-17 07:49:57 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-08 06:59:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-08 06:59:44 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-08 06:59:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-08 06:59:44 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:52:51.88 ===============
jayteecork is offline  
22-03-2010, 23:04   #7
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
also, the file from gmer here:
Attached Files
File Type: txt root.txt (23.2 KB, 22 views)
jayteecork is offline  
22-03-2010, 23:20   #8
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\windows\system32\browserchoice.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
ASJ112 is offline  
Thanks from:
23-03-2010, 18:28   #9
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
OTM crashed when I tried it.

This is what I got from combofix:
Attached Files
File Type: txt combo.txt (23.1 KB, 21 views)
jayteecork is offline  
Advertisement
23-03-2010, 22:40   #10
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
delete this file

c:\windows\system32\browserchoice.exe



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean





Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
ASJ112 is offline  
24-03-2010, 10:50   #11
jayteecork
Banned
 
Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
Quote:
Originally Posted by ASJ112 View Post
delete this file

c:\windows\system32\browserchoice.exe


How to delete?

Even though I am admin it says i need permission to delete file.
jayteecork is offline  
24-03-2010, 12:40   #12
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
boot into safe mode and delete the file

do the other steps if you cant
ASJ112 is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet