Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Trojan.Gen2 removal

Started by Ami* , Apr 02 2012 01:58 AM

This topic is locked

2 replies to this topic

#1 Ami*

New Member

Members
1 posts

Posted 02 April 2012 - 01:58 AM

Hi all! Thanks for this forum. I'm followed the steps to remove the Trojan.Gen2 virus from my computer,and still have it. Please find below the related logs, the bottom one being the first, and the top, the last GMER log. I would greatly appreciate your advice on the next steps for removal.

N.B. I saved the ark.txt as GMERlog, attached.

...and...

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Jocelyn Morin at 19:00:07 on 2012-04-01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.776 [GMT 2:00]
.
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\YouSendIt\Express\YouSendIt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Workspace\WorkspaceUpdate.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\Jocelyn Morin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jocelyn Morin\My Documents\Downloads\Defogger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110000&babsrc=HP_ss&mntrId=c404da4200000000000000e018123456
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Starfield Updater] "c:\program files\workspace\WorkspaceUpdate.exe"
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Akamai NetSession Interface] "c:\documents and settings\jocelyn morin\local settings\application data\akamai\netsession_win.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Belgacom] "c:\program files\belgacom\bin\sprtcmd.exe" /P Belgacom
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jocely~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B8A8262-15D0-49DD-97CC-F3F70DC03A4A} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-4-1 83064]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 191848]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169320]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2011-2-2 1215216]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-29 652360]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139888]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-6-10 35840]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-11-21 632792]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\belgacom\bin\sprtsvc.exe [2008-5-29 202016]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-25 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-25 106104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-29 20464]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120331.009\NAVENG.Sys [2012-4-1 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120331.009\NavEx15.Sys [2012-4-1 1576312]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-12-27 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-12-27 3768]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2010-4-21 23936]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-04-01 16:14:09 -------- d-sha-r- C:\cmdcons
2012-04-01 16:11:05 98816 ----a-w- c:\windows\sed.exe
2012-04-01 16:11:05 518144 ----a-w- c:\windows\SWREG.exe
2012-04-01 16:11:05 256000 ----a-w- c:\windows\PEV.exe
2012-04-01 16:11:05 208896 ----a-w- c:\windows\MBR.exe
2012-04-01 09:58:06 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-04-01 09:58:06 -------- d-----w- c:\documents and settings\jocelyn morin\application data\SPE
2012-04-01 09:49:12 -------- d-----w- c:\windows\system32\NtmsData
2012-04-01 06:45:17 -------- d-----w- C:\Control Panel
2012-03-31 15:52:39 -------- d-----w- c:\documents and settings\jocelyn morin\application data\Adobe Mini Bridge CS5.1
2012-03-31 15:52:38 -------- d-----w- c:\documents and settings\jocelyn morin\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-29 14:17:41 -------- d-----w- c:\documents and settings\jocelyn morin\application data\Malwarebytes
2012-03-29 14:17:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-29 14:17:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 14:17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 12:06:37 -------- d-----w- c:\documents and settings\jocelyn morin\application data\BabylonToolbar
2012-03-29 10:49:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-03-29 10:45:06 -------- d-----w- c:\documents and settings\jocelyn morin\local settings\application data\Microsoft Help
2012-03-29 10:44:34 -------- d-----w- c:\program files\Microsoft Expression
2012-03-19 11:50:45 -------- d-----w- c:\documents and settings\jocelyn morin\application data\com.adobe.dmp.contentviewer
2012-03-16 16:36:04 -------- d-----w- c:\program files\DealPly
2012-03-16 16:35:21 -------- d-----w- c:\program files\BabylonToolbar
2012-03-16 16:34:28 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-03-16 16:34:20 -------- d-----w- c:\program files\FoxTabPDFConverter
2012-03-16 16:34:12 -------- d-----w- c:\documents and settings\jocelyn morin\local settings\application data\Babylon
2012-03-16 16:34:11 -------- d-----w- c:\documents and settings\jocelyn morin\application data\Babylon
2012-03-16 16:34:11 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-03-10 19:25:59 -------- d-----w- C:\adobeTemp
2012-03-10 18:53:57 -------- d-----w- c:\documents and settings\jocelyn morin\application data\PDAppFlex
2012-03-10 16:08:37 -------- d-----w- c:\documents and settings\jocelyn morin\application data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-10 12:25:27 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-03-10 10:33:51 -------- d-----w- c:\documents and settings\jocelyn morin\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-10 10:33:42 -------- d-----w- c:\program files\Adobe Download Assistant
.
==================== Find3M ====================
.
2012-03-02 11:59:46 487666616 ----a-w- c:\program files\AcrobatPro_10_Web_WWEFD.exe
2012-02-22 11:02:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 11:02:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-26 08:01:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 19:03:50.14 ===============

....and...

ComboFix 12-04-01.01 - Jocelyn Morin 04/01/2012 18:16:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1159 [GMT 2:00]
Running from: c:\documents and settings\Jocelyn Morin\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jocelyn Morin\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Jocelyn Morin\WINDOWS
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 09:58 . 2012-04-01 09:58 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-04-01 09:58 . 2012-04-01 09:58 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\SPE
2012-04-01 09:49 . 2012-04-01 09:55 -------- d-----w- c:\windows\system32\NtmsData
2012-04-01 06:45 . 2012-04-01 06:45 -------- d-----w- C:\Control Panel
2012-03-31 15:52 . 2012-03-31 15:52 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\Adobe Mini Bridge CS5.1
2012-03-31 15:52 . 2012-03-31 15:52 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-29 14:17 . 2012-03-29 14:17 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\Malwarebytes
2012-03-29 14:17 . 2012-03-29 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-29 14:17 . 2012-03-29 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 14:17 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 10:49 . 2012-03-29 10:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-03-29 10:45 . 2012-03-29 10:45 -------- d-----w- c:\documents and settings\Jocelyn Morin\Local Settings\Application Data\Microsoft Help
2012-03-29 10:44 . 2012-03-29 10:49 -------- d-----w- c:\program files\Microsoft Expression
2012-03-29 10:44 . 2012-03-29 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-03-19 11:50 . 2012-03-19 11:50 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\com.adobe.dmp.contentviewer
2012-03-19 05:25 . 2012-03-19 05:25 -------- d-----w- c:\program files\Common Files\Skype
2012-03-16 16:36 . 2012-03-16 16:36 -------- d-----w- c:\program files\DealPly
2012-03-16 16:35 . 2012-03-16 16:35 -------- d-----w- c:\program files\BabylonToolbar
2012-03-16 16:35 . 2012-03-16 16:35 1491 ----a-w- C:\user.js
2012-03-16 16:34 . 2007-08-21 12:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-03-16 16:34 . 2012-03-16 16:34 -------- d-----w- c:\program files\FoxTabPDFConverter
2012-03-16 16:34 . 2012-03-16 16:34 -------- d-----w- c:\documents and settings\Jocelyn Morin\Local Settings\Application Data\Babylon
2012-03-16 16:34 . 2012-03-16 16:34 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\Babylon
2012-03-16 16:34 . 2012-03-16 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-03-10 19:25 . 2012-03-10 19:25 -------- d-----w- C:\adobeTemp
2012-03-10 18:53 . 2012-03-10 18:53 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\PDAppFlex
2012-03-10 16:08 . 2012-03-10 16:08 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-10 12:25 . 2012-03-29 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-03-10 10:33 . 2012-03-10 10:33 -------- d-----w- c:\documents and settings\Jocelyn Morin\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-10 10:33 . 2012-03-10 10:33 -------- d-----w- c:\program files\Adobe Download Assistant
2012-03-10 10:33 . 2012-03-10 10:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 11:59 . 2012-03-02 11:06 487666616 ----a-w- c:\program files\AcrobatPro_10_Web_WWEFD.exe
2012-02-22 11:02 . 2012-02-22 11:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 11:02 . 2010-12-21 09:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-26 08:01 . 2011-06-16 05:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2010-09-07 197632]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2011-08-29 33984]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2011-12-12 1760328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Akamai NetSession Interface"="c:\documents and settings\Jocelyn Morin\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Jocelyn Morin\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-20 155648]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2006-9-12 29696]
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-10-21 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [4/1/2012 11:58 AM 83064]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/2/2011 11:12 AM 1215216]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/29/2012 4:17 PM 652360]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [6/10/2010 2:32 PM 35840]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/21/2011 2:39 PM 632792]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [5/29/2008 11:18 AM 202016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/25/2012 4:24 PM 106104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 9:04 AM 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/29/2012 4:17 PM 20464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:50 AM 158856]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [12/27/2008 1:04 PM 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [12/27/2008 1:04 PM 3768]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [4/21/2010 6:46 AM 23936]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAMILYROOM-Jocelyn Morin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-10 16:42]
.
2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-03-09 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-03-09 19:40]
.
2012-04-01 c:\windows\Tasks\expresszipShakeIcon.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2012-04-01 06:40]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488350748-37108786-2640182253-1006Core.job
- c:\documents and settings\Jocelyn Morin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 16:30]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488350748-37108786-2640182253-1006UA.job
- c:\documents and settings\Jocelyn Morin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 16:30]
.
2012-03-31 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Jocelyn Morin.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-06 10:13]
.
2012-04-01 c:\windows\Tasks\Norton Security Scan for Jocelyn Morin.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-17 14:47]
.
2011-08-29 c:\windows\Tasks\photostageSevenDays.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-08-29 12:06]
.
2011-08-29 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-08-29 12:06]
.
2012-03-31 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-11-21 09:02]
.
2012-04-01 c:\windows\Tasks\User_Feed_Synchronization-{79F98339-8F4C-4DE9-8651-847C6DCE4AB3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
2012-02-11 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-08-29 12:04]
.
2012-02-03 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-08-29 12:04]
.
2012-02-10 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-08-29 12:05]
.
2012-02-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-08-29 12:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=110000&babsrc=HP_ss&mntrId=c404da4200000000000000e018123456
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-workspacedesktop - c:\program files\Starfield\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 18:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-01 18:28:29
ComboFix-quarantined-files.txt 2012-04-01 16:28
.
Pre-Run: 135,314,341,888 bytes free
Post-Run: 139,451,121,664 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 15CC830CADB1B74A332AF2E75FDD76F3

Attached Files

attach.txt 22.84K 0 downloads
GMER log.log 38.9K 0 downloads

Back to top

BC Ads
BleepingComputer.com

#2 HelpBot

Bleepin' Binary Bot

Bots
7,166 posts

Gender:Male

Posted 08 April 2012 - 02:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448518 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Back to top

#3 HelpBot

Bleepin' Binary Bot

Bots
7,166 posts

Gender:Male

Posted 08 April 2012 - 03:05 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!