Hello - Free Antivirus Forum

Hello

BullGuard Antivirus Forum > Virus Removal > Removal Tools > Hello

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-22-2009 11:00 (GMT +1)

i just want you ta have a look at this
i used the programe that you usually recommend(fix)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:15 م, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\nermeen\My Documents\Downloads\Programs\HiJackThis_2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files\Systweak\Advanced System Protector\ASP.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: خدمة تحديث Google (gupdate1ca2134a455594) (gupdate1ca2134a455594) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 6511 bytes

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-22-2009 12:36 (GMT +1)

Hello nermeen smile

Go to add/remove programs in controlpanel, and remove:
MP4P Player and AskSearch.

"MP4P Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads."

AskSearch is classified as malware, spyware, adware, or other potentially unwanted software.

Reboot, post new hijackthis log and tell if you have any problems with your computer ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-22-2009 8:42 (GMT +1)

thanks for your reply
i will easily uninstall mp4 player ,but it is not the case with ask search.simply i can not get rid of if .when i try to uninstall it i receive an error message.i is not the first time i can only remove it when i use a new windows.what should i do.moreover i have a lot of spywares on the computer which are really difficult to delete.thanks

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-23-2009 4:43 (GMT +1)

Ok.

Download This program.

and save it on the desktop. Then double click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program download the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. – if the instructions not automatically opens, so
double-click "FIX_manual.htm" in Fix folder.

Please follow the instructions and copy the logs here, in this Topic.

Note : Fix_download.exe is detected by some antivirus programs as a "RiskTool" /infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-23-2009 4:53 (GMT +1)

thanks for your help

i am sorry to have to tell you that i downloaded this programe and it was infected with win32 trojan _gen(other) so is the system volume information,according to the scan by avast.it didnt even work ,when i tried i got an error message.what happened did it got infected the second it entered the computer???

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-23-2009 5:53 (GMT +1)

Seems your computer are pretty much messed up.

We´ll try this scanner then ->

Please download DDS: http://download.bleepingcomputer.com/sUBs/dds.scr

to your Desktop and doubleclick on DDs.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.

Copy and paste both reports in this topic.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-23-2009 6:11 (GMT +1)

okay there are the logs .

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/08/2009 04:13:13 ص
System Uptime: 23/08/2009 05:44:58 ص (3 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2C
Processor: Intel(R) Celeron(R) D CPU 3.06GHz | Socket 775 | 3067/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 20 GiB total, 16.819 GiB free.
D: is FIXED (NTFS) - 95 GiB total, 4.376 GiB free.
E: is FIXED (NTFS) - 95 GiB total, 21.955 GiB free.
F: is FIXED (NTFS) - 88 GiB total, 82.29 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 23/08/2009 04:15:13 ص - Installed Windows Media Player 11
RP2: 23/08/2009 04:15:55 ص - Installed Windows XP Wudf01000.
RP3: 23/08/2009 04:17:53 ص - Installed Browser Configuration Utility
RP4: 23/08/2009 04:20:30 ص - Installed Windows XP KB888111WXPSP2.
RP5: 23/08/2009 04:20:57 ص - Installed Realtek High Definition Audio Driver
RP6: 23/08/2009 04:24:38 ص - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP7: 23/08/2009 04:26:57 ص - Installed COWON Media Center - jetAudio Plus VX
RP8: 23/08/2009 04:31:30 ص - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
AlienGUIse Theme Manager
Anti Netcut 2
avast! Antivirus
Browser Configuration Utility
COWON Media Center - jetAudio Plus VX
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB896344)
Intel(R) Graphics Media Accelerator Driver
Microsoft Choice Guard
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Replay Media Catcher 3.02
ScanSpyware v3.7
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB911927)
SUPERAntiSpyware Free Edition
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB892489
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

23/08/2009 04:14:57 ص, information: Windows File Protection [64032] - Windows File Protection is not active on this system.

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 8:02:53.36 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1013.191 [GMT 3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
E:\Install\برامج مهمة\very important\wlsetup-custom.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\GAMES\silk road\Silkroad Arabic\sro_client.exe
D:\GAMES\silk road\Silkroad Arabic\sro_client.exe
C:\Program Files\JetAudio\JetAudio.exe
D:\GAMES\silk road\Silkroad Arabic\New Folder (2).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Administrator\Desktop\ssss.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [antinetcut2] c:\program files\anti netcut\Anti NetCut.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\alienw~1.lnk - c:\program files\alienguise\alienwaredock\ObjectDock.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Download with IDM - e:\install\new folder\idm9\IEExt.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\IEGetVL.htm
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\yee0ff2l.default\
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-23 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-23 147640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-23 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-23 348344]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-08-23 07:07 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-08-23 07:06 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-08-23 07:05 74,240 a------- c:\windows\system32\usbui.dll
2009-08-23 07:04 <DIR> --d----- c:\program files\common files\ODBC
2009-08-23 07:03 5,632 a----r-- c:\windows\system32\kbdheb.dll
2009-08-23 07:03 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-08-23 07:02 <DIR> --d----- c:\windows\system32\CatRoot2
2009-08-23 07:02 <DIR> --d----- c:\windows\system32\CatRoot
2009-08-23 07:02 <DIR> --d----- C:\Documents and Settings
2009-08-23 07:01 1,735 a------- c:\windows\system32\$winnt$.inf
2009-08-23 06:50 <DIR> --d----- c:\program files\Microsoft
2009-08-23 06:40 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-23 05:31 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-08-23 05:28 <DIR> --d----- c:\program files\KB823980Scan
2009-08-23 05:23 <DIR> --d----- c:\program files\Anti Netcut
2009-08-23 04:41 <DIR> --d----- c:\program files\Replay Media Catcher
2009-08-23 04:38 <DIR> --d----- c:\program files\common files\Stardock
2009-08-23 04:38 <DIR> --d----- c:\program files\AlienGUIse
2009-08-23 04:36 <DIR> --d----- c:\program files\ScanSpyware v3.7
2009-08-23 04:35 <DIR> --d----- c:\program files\Internet Download Manager
2009-08-23 04:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-23 04:31 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-23 04:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-08-23 04:31 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-23 04:30 <DIR> --d----- c:\program files\Yahoo!
2009-08-23 04:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\IDM
2009-08-23 04:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\DMCache
2009-08-23 04:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\COWON
2009-08-23 04:26 <DIR> --d----- c:\program files\JetAudio
2009-08-23 04:26 <DIR> --d----- c:\program files\common files\COWON
2009-08-23 04:21 <DIR> --d----- c:\program files\Realtek
2009-08-23 04:17 <DIR> --d----- c:\program files\Browser Configuration Utility
2009-08-23 04:15 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-23 04:11 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-23 04:11 <DIR> --d----- c:\program files\Online Services
2009-08-23 04:10 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-23 04:08 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-08-23 06:43 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-08-23 06:43 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-08-23 06:43 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-08-23 05:23 286,720 -------- c:\windows\Setup1.exe
2009-08-23 05:23 73,216 a------- c:\windows\ST6UNST.EXE
2009-08-23 04:25 16,608 a------- c:\windows\gdrv.sys
2009-08-23 04:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2006-09-16 16:20 1,880,140 a------- c:\program files\Anti NetCut.CAB
2006-09-16 16:20 3,808 a------- c:\program files\SETUP.LST
1998-06-18 00:00 140,800 a------- c:\program files\setup.exe

============= FINISH: 8:03:15.84 ===============
i hope that is what you need ,thanks

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-23-2009 6:29 (GMT +1)

It is.

Please download combofix here ->

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-23-2009 7:11 (GMT +1)

it seems like a very powerful programe can you please tell me what do you suspect.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-23-2009 7:33 (GMT +1)

Infections

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-23-2009 1:09 (GMT +1)

hello again ,

can you please have a look at this it may be the problem.

Application Information

=======================

Application Version: ScanSpyware v3.7 build 3.7.0.8

Original Database: pests08-03-04.db

Updated Database: pests08-03-04.db

Current Date: Sunday, August 23, 2009 02:04:30 PM

__________________________________________________

Directories recognized:

=======================

__________________________________________________

Files recognized:

=================

[Gain.Gator]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup.exe

[MySearch]

C:\WINDOWS\SET4.tmp

__________________________________________________

Registry keys recognized:

=========================

[C-Dilla]

HKEY_LOCAL_MACHINE\SOFTWARE\C07ft5Y

[MyWebSearch]

HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

[MyWebSearch]

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}

[Download Accelerator Plus]

HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\ftp

[Download Accelerator Plus]

HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http

__________________________________________________

Registry values recognized:

===========================

__________________________________________________

Cookies recognized:

===================

__________________________________________________

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-24-2009 3:24 (GMT +1)

No. I don´t trust ScanSpyware program as it is a Rogue program.

Still waiting for a combofix log.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-27-2009 4:20 (GMT +1)

hello
i don not know why you stopped answering but thanks any way with your help i had most of my problems solved except for one thing .in each scan i perform scan the antivirus detects a trojan horse on the system volume information restore . obviously it can not be deleted by the normal scan because i notice it every time .can you please tell me how dangerous it is and how can i remove it .
thanks again
waiting for your reply

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-27-2009 4:27 (GMT +1)

I DO NOT stopped answering, as I mention in my last reply, am I waiting for you to post a combofix log.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

nermeen
New Member

Date Joined Aug 2009
Total Posts : 8

Posted 8-27-2009 4:36 (GMT +1)

i am sorry i did not see it before,i will send you the log as soon as i have it.
thanks

by the way what does rogue program means

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 8-27-2009 5:30 (GMT +1)

No problem.

It means -> unreliable, untrustworthy

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

Forum Information

Currently it is Saturday, November 21, 2009 6:02 AM (GMT +1)
There are a total of 73.023 posts in 17.111 threads.
In the last 3 days there were 9 new threads and 75 reply posts. View Active Threads