
76 Re: bds/small.iuj another one on Sat Mar 27, 2010 12:06 pm

DragonMaster Jay


Site Owner
After going through the 4-6 month training, you will be allowed to join if you successfully complete it. It is a rough training, but once done, you will be able to help users remove malware from their computer.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

77 Re: bds/small.iuj another one on Sat Mar 27, 2010 1:10 pm

ervinako


Member
I'm just waiting for that site to approve me.

78 Re: bds/small.iuj another one on Sat Mar 27, 2010 1:23 pm

DragonMaster Jay


Site Owner
You should have received a PM from GeekPolice.net.

It has instructions on how to get started.


79 Re: bds/small.iuj another one on Sun Mar 28, 2010 1:04 am

ervinako


Member
ComboFix 10-03-27.02 - NivreX 03/28/2010 12:52:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.153 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\00312646.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0030EC1B
c:\program files\MyWebSearch\bar\Cache\0030F5C0
c:\program files\MyWebSearch\bar\Cache\0030F8BE.bin
c:\program files\MyWebSearch\bar\Cache\0030FC58.bin
c:\program files\MyWebSearch\bar\Cache\0030FFA3.bin
c:\program files\MyWebSearch\bar\Cache\00310291.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\drivers\fad.sys
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-27 16:13 . 2010-03-27 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-27 16:13 . 2010-03-27 17:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-27 16:12 . 2010-03-27 16:12 69232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-27 16:06 . 2010-03-27 16:06 -------- d-----w- c:\program files\Bonjour
2010-03-27 15:57 . 2010-03-27 15:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 17:20 . 2010-03-27 12:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-27 17:20 . 2010-03-27 12:18 -------- d-----w- c:\program files\SpywareBlaster
2010-03-27 16:10 . 2010-03-27 13:27 -------- d-----w- c:\program files\uTorrent
2010-03-27 16:09 . 2010-03-27 13:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-03-27 16:06 . 2010-03-27 08:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-27 13:39 . 2010-03-27 13:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-03-27 12:13 . 2010-03-27 08:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-27 12:02 . 2010-03-27 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-03-27 12:02 . 2010-03-27 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-03-27 12:00 . 2010-03-27 08:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-03-27 12:00 . 2010-03-27 12:00 -------- d-----w- c:\program files\COMODO
2010-03-27 09:18 . 2010-03-27 09:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-27 09:16 . 2010-03-27 08:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-27 09:03 . 2010-03-27 08:55 -------- d-----w- c:\program files\Winamp
2010-03-27 09:01 . 2010-03-27 09:01 -------- d-----r- c:\program files\Skype
2010-03-27 09:01 . 2010-03-27 09:01 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 09:01 . 2010-03-27 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-27 08:53 . 2010-03-27 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-27 08:48 . 2010-03-27 08:48 -------- d-----w- c:\program files\Microsoft Works
2010-03-27 08:48 . 2010-03-27 08:48 -------- d-----w- c:\program files\MSBuild
2010-03-27 08:46 . 2010-03-27 08:46 -------- d-----w- c:\program files\Microsoft.NET
2010-03-27 08:44 . 2010-03-27 08:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-27 08:39 . 2010-03-27 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-27 08:39 . 2010-03-27 08:39 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-27 08:39 . 2010-03-27 08:31 -------- d-----w- c:\program files\DivX
2010-03-27 08:39 . 2010-03-27 08:39 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-27 08:39 . 2010-03-27 08:39 57677 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-03-27 08:39 . 2010-03-27 08:39 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-27 08:34 . 2010-03-27 08:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-27 08:34 . 2010-03-27 08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 08:34 . 2010-03-27 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-27 08:30 . 2010-03-27 08:39 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-27 08:30 . 2010-03-27 08:39 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-27 08:07 . 2010-03-27 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-27 08:07 . 2010-03-27 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-27 08:07 . 2010-03-27 08:03 -------- d-----w- c:\program files\Yahoo!
2010-03-27 08:01 . 2010-03-27 08:01 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_3000.MRK
2010-03-27 08:01 . 2010-03-27 08:01 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_3000.MRK
2010-03-27 07:47 . 2010-03-27 07:47 -------- d-----w- c:\program files\Avira
2010-03-27 07:47 . 2010-03-27 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-27 07:26 . 2010-03-27 06:50 -------- d-----w- c:\program files\RegShot
2010-03-27 07:25 . 2010-03-27 06:50 -------- d-----w- c:\program files\TaskSwitchXP
2010-03-27 07:25 . 2010-03-27 06:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-27 07:19 . 2010-03-27 07:19 -------- d-----w- c:\program files\Analog Devices
2010-03-27 07:19 . 2010-03-27 07:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 07:19 . 2010-03-27 07:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-27 07:17 . 2010-03-27 07:17 -------- d-----w- c:\program files\Intel
2010-03-27 07:05 . 2010-03-27 07:05 0 ----a-w- c:\windows\nsreg.dat
2010-03-27 06:54 . 2010-03-27 06:54 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-03-27 06:54 . 2010-03-27 06:53 5217 ----a-w- c:\windows\mozver.dat
2010-03-27 06:54 . 2010-03-27 06:54 -------- d-----w- c:\program files\Java
2010-03-27 06:54 . 2010-03-27 06:54 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 06:52 . 2010-03-27 06:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-27 06:50 . 2010-03-27 06:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-27 06:50 . 2010-03-27 06:50 -------- d-----w- c:\program files\Unlocker
2010-03-27 06:50 . 2010-03-27 06:50 -------- d-----w- c:\program files\CCleaner
2010-03-23 10:40 . 2010-03-23 10:40 224808 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-03 09:54 . 2010-03-03 09:54 276648 ----a-w- c:\windows\system32\guard32.dll
2010-03-03 09:54 . 2010-03-03 09:54 86720 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-03 09:54 . 2010-03-03 09:54 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-03 09:54 . 2010-03-03 09:54 15376 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-01 01:05 . 2010-03-27 07:47 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 05:24 . 2010-03-27 07:47 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-07 08:07 . 2010-03-27 08:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 08:07 . 2010-03-27 08:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------


[-] 2005-11-28 . 9103FE3967CC3446A7BDE004ECA0B946 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-23 1994640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2004-08-04 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/23/2010 6:40 PM 224808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 5:54 PM 25160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 3:47 PM 135336]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1004336348-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 07:39]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1004336348-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 07:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCfox000&ptb=C2QbcHhF.npyLASRMYdxJw
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xjwcbjjl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - animeseason.com
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 12:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-03-28 13:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 05:01

Pre-Run: 35,088,441,344 bytes free
Post-Run: 35,053,658,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BABD2EFA38598E46946C0FB701DD89A1

80 Re: bds/small.iuj another one on Sun Mar 28, 2010 10:10 am

DragonMaster Jay


Site Owner
Topic is closed. You cannot run ComboFix without the assistance of a malware helper.
