Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Repeat infections of Trojan.DNSChanger


  • This topic is locked This topic is locked
21 replies to this topic

#1 okiewild

okiewild

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 10 April 2009 - 05:55 PM

I've been getting blank pop-up windows when Windows XP starts up. The URL in the title bar keeps changing. Most recently it was p.media-servers.net and pop.fastclick.net. But it will change the next time. I have all my Windows security turned on including the firewall. Norton 360 Premier Edition is running but it never finds anything wrong on a scan. I ran MalwareBytes and it found and deleted six instances of DhcpNameServer (Trojan.DNSChanger). I restarted and there was a new pop-up as soon as the computer started and before I started any programs. Same old problem. Occasionally this bug will zap my browser's ability to display Web pages unless I happen to know the IP address.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 17:34:02.86 on Fri 04/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2478 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
FW: Norton 360 Premier Edition *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 192.168.2.1:80
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.0.0.135\IPSBHO.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - No File
TB: {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No File
TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_2cd672ae.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winamp.lnk - c:\program files\winamp\winamp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: allmusic.com
Trusted Zone: bizatlarge.net
Trusted Zone: buysusa.com
Trusted Zone: careerbuilder.com
Trusted Zone: conexis.com
Trusted Zone: hrblock.com
Trusted Zone: keithpurtell.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com\office
Trusted Zone: monster.com
Trusted Zone: moveonpac.org
Trusted Zone: networksolutions.com
Trusted Zone: opm.gov\*.usajobs
Trusted Zone: songwriterstipjar.com
Trusted Zone: state.mo.us
Trusted Zone: usaa.com
Trusted Zone: wikipedia.org
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108172161156
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - hxxps://www.jiwire.com/activeX/wlaninfo.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15026/CTPID.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages =

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7ky188m3.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2001-10-29 23120]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2006-9-13 12384]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2005-4-28 17792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-4-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-4-9 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-4-9 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090408.002\IDSXpx86.sys [2009-4-9 276344]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-9 101936]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-4-30 508544]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-4-30 3768]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 Dnpiesam;Dnpiesam; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2005-4-26 39048]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2008-3-18 32000]
S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2001-11-13 214192]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090410.003\NAVENG.SYS [2009-4-10 89104]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090410.003\NAVEX15.SYS [2009-4-10 876144]
S3 nvmd;Neuratron Ltd - Virtual Midi Port SvcDesc(WDM);c:\windows\system32\drivers\nvmd2k.sys [2007-5-2 7680]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]
S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys --> c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [?]

=============== Created Last 30 ================

2009-04-09 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-09 19:30 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-04-09 19:30 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-09 19:30 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-09 19:30 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-09 19:30 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-09 19:30 <DIR> --d----- c:\program files\Symantec
2009-04-09 19:29 <DIR> --d----- c:\windows\system32\drivers\N360
2009-04-09 19:29 <DIR> --d----- c:\program files\Norton 360 Premier Edition
2009-04-09 19:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-04-09 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-04-09 19:17 <DIR> --d----- c:\program files\NortonInstaller
2009-04-09 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-04 00:36 <DIR> --d----- c:\program files\Easy SpyRemover
2009-04-03 17:30 <DIR> --d----- c:\program files\iTunes
2009-04-03 17:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 17:22 <DIR> --d----- c:\program files\Bonjour
2009-04-03 16:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-03 12:01 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 12:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 12:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 12:01 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 12:00 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 11:59 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-03 11:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-03 11:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-03-30 22:31 4,958,588 a------- c:\windows\{00000001-00000000-00000000-00001102-00000008-10211102}.BAK
2009-03-28 19:50 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-25 19:25 <DIR> --d----- c:\program files\Trend Micro
2009-03-24 21:39 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-24 21:39 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-24 21:38 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-24 21:38 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-24 19:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 19:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 19:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 22:48 <DIR> --d----- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-14 20:24 180,224 a------- c:\windows\UninstallWSST.exe
2009-02-14 20:24 28,672 a------- c:\windows\system32\ssconfig.exe
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-26 20:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-26 20:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-01-26 20:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-16 00:02 249,856 -------- c:\windows\Setup1.exe
2009-01-16 00:02 73,216 a------- c:\windows\ST6UNST.EXE
2007-03-17 15:12 303,104 a------- c:\program files\common files\lame_enc.dll
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2006-09-09 17:48 2,112 a------- c:\documents and settings\administrator\fet2_settings.dat
2008-09-27 23:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-27 23:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 17:35:06.14 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:02:49 AM

Posted 24 April 2009 - 12:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 25 April 2009 - 06:18 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 18:12:01.73 on Sat 04/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2165 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
FW: Norton 360 Premier Edition *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 192.168.2.1:80
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program

files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search &

destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier

edition\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360

premier edition\engine\3.0.0.135\IPSBHO.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier

edition\engine\3.0.0.135\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - No File
TB: {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No File
TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator

"c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk -

c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_2cd672ae.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program

files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winamp.lnk - c:\program

files\winamp\winamp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows

desktop search\WindowsSearch.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program

files\spybot - search & destroy\SDHelper.dll
Trusted Zone: allmusic.com
Trusted Zone: bizatlarge.net
Trusted Zone: buysusa.com
Trusted Zone: careerbuilder.com
Trusted Zone: conexis.com
Trusted Zone: hrblock.com
Trusted Zone: keithpurtell.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com\office
Trusted Zone: monster.com
Trusted Zone: moveonpac.org
Trusted Zone: networksolutions.com
Trusted Zone: opm.gov\*.usajobs
Trusted Zone: songwriterstipjar.com
Trusted Zone: state.mo.us
Trusted Zone: usaa.com
Trusted Zone: wikipedia.org
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -

hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108172161156
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - hxxps://www.jiwire.com/activeX/wlaninfo.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} -

hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15026/CTPID.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier

edition\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program

files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages =

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7ky188m3.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2001-10-29 23120]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2006-9-13 12384]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2005-4-28 17792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys

[2009-4-9 310320]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-10 11608]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys

[2009-4-9 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-4-9

482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090420.001\IDSXpx86.sys

[2009-4-24 276344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-10

108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-10 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-10 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe

[2009-3-9 951632]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\m-audio\mobilepre\install\MPInst.exe

[2008-3-18 49152]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.0.0.135\ccSvcHst.exe [2009-4-9

115560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2009-4-9 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090425.005\NAVENG.SY

S [2009-4-25 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090425.005\NAVEX15.SY

S [2009-4-25 876144]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-4-30 508544]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-4-30 3768]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 Dnpiesam;Dnpiesam; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2005-4-26 39048]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2008-3-18 32000]
S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2001-11-13 214192]
S3 nvmd;Neuratron Ltd - Virtual Midi Port SvcDesc(WDM);c:\windows\system32\drivers\nvmd2k.sys [2007-5-2

7680]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys -->

c:\windows\system32\drivers\tbcspud.sys [?]
S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys -->

c:\windows\system32\drivers\tbcwdm.sys [?]
S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys -->

c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [?]

=============== Created Last 30 ================

2009-04-24 08:12 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-23 23:37 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-23 23:37 <DIR> -cd-h---

c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 23:36 <DIR> --d----- c:\program files\Lavasoft
2009-04-16 22:55 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-04-16 22:52 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-04-16 22:45 <DIR> -cd-h--- c:\windows\ie8
2009-04-14 22:52 <DIR> --d--r-- c:\program files\Norton Support
2009-04-10 20:18 <DIR> --d----- c:\documents and settings\administrator\MJRegWatcher
2009-04-10 18:16 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-10 18:16 <DIR> --d----- c:\program files\Avira
2009-04-10 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-09 19:31 <DIR> --d-----

c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-09 19:30 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-04-09 19:30 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-09 19:30 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-09 19:30 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-09 19:30 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-09 19:30 <DIR> --d----- c:\program files\Symantec
2009-04-09 19:29 <DIR> --d----- c:\windows\system32\drivers\N360
2009-04-09 19:29 <DIR> --d----- c:\program files\Norton 360 Premier Edition
2009-04-09 19:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-04-09 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-04-09 19:17 <DIR> --d----- c:\program files\NortonInstaller
2009-04-09 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-04 00:36 <DIR> --d----- c:\program files\Easy SpyRemover
2009-04-03 17:30 <DIR> --d----- c:\program files\iTunes
2009-04-03 17:30 <DIR> --d-----

c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 17:22 <DIR> --d----- c:\program files\Bonjour
2009-04-03 16:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-03 12:01 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 12:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 12:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 12:01 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 12:00 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 11:59 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-03 11:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-03 11:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-03-30 22:31 4,958,588 a-------

c:\windows\{00000001-00000000-00000000-00001102-00000008-10211102}.BAK
2009-03-28 19:50 <DIR> --d----- c:\program files\SpywareBlaster

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-14 20:24 180,224 a------- c:\windows\UninstallWSST.exe
2009-02-14 20:24 28,672 a------- c:\windows\system32\ssconfig.exe
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-26 20:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-26 20:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-01-26 20:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2007-03-17 15:12 303,104 a------- c:\program files\common files\lame_enc.dll
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2006-09-09 17:48 2,112 a------- c:\documents and settings\administrator\fet2_settings.dat
2008-09-27 23:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-27 23:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 18:12:24.12 ===============

Attached Files



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 25 April 2009 - 09:02 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Update Malwarebytes' Anti-Malware and run a full scan instead of a quick scan. Post the log up with your next response.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 02 May 2009 - 06:01 PM

Hoov-01
http://www.bleepingcomputer.com/forums/top...ml#entry1239035

Hoov:

Sorry for the slow response. Somehow I didn't get the notice that you had posted a message.
I have tried running Ad-aware, Malwarebytes, Norton 360 and Spybot. Usually Malwarebytes. The same six registry changes are found (Trojan.DNSChanger) and repeatedly found and removed, but they always come back on reboot.

I ran CCleaner as you instructed.

And here is the Malwarebytes log ….
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

5/2/2009 5:24:15 PM
mbam-log-2009-05-02 (17-23-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232488
Time elapsed: 1 hour(s), 23 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------

And here is the ComboFix log…

ComboFix 09-05-02.4 - Administrator 05/02/2009 17:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2277 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated)
FW: Norton 360 Premier Edition *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\TempRegsvr32.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mdm.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 04:15 . 2009-05-01 04:15 -------- d-----w c:\program files\Ares backup
2009-04-24 13:12 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-24 04:37 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-24 04:37 . 2009-04-24 04:37 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-24 04:36 . 2009-04-24 04:36 -------- d-----w c:\program files\Lavasoft
2009-04-17 03:55 . 2009-04-17 03:55 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-17 03:52 . 2009-04-17 03:52 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-17 03:52 . 2009-04-17 03:52 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-17 03:45 . 2009-04-17 03:49 -------- dc-h--w c:\windows\ie8
2009-04-15 03:52 . 2009-04-15 03:52 -------- d-----r c:\program files\Norton Support
2009-04-11 01:18 . 2009-04-11 01:18 -------- d-----w c:\documents and settings\Administrator\MJRegWatcher
2009-04-10 23:16 . 2009-02-13 16:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-10 00:31 . 2009-04-10 00:31 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-10 00:31 . 2009-04-10 00:31 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-10 00:30 . 2009-04-10 00:30 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-04-10 00:30 . 2009-04-10 00:30 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-10 00:30 . 2009-04-10 00:30 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-10 00:30 . 2009-04-10 00:30 -------- d-----w c:\program files\Symantec
2009-04-10 00:29 . 2009-04-10 00:29 -------- d-----w c:\windows\system32\drivers\N360
2009-04-10 00:29 . 2009-04-10 00:29 -------- d-----w c:\program files\Norton 360 Premier Edition
2009-04-10 00:20 . 2009-04-10 00:20 -------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-04-10 00:17 . 2009-04-10 00:20 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-10 00:17 . 2009-04-10 00:28 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-10 00:17 . 2009-04-10 00:17 -------- d-----w c:\program files\NortonInstaller
2009-04-04 05:36 . 2009-04-05 18:56 -------- d-----w c:\program files\Easy SpyRemover
2009-04-03 22:30 . 2009-04-03 22:31 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 22:30 . 2009-04-03 22:31 -------- d-----w c:\program files\iTunes
2009-04-03 22:22 . 2009-04-03 22:22 -------- d-----w c:\program files\Bonjour
2009-04-03 17:01 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 17:01 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 17:01 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 17:01 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 17:00 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 16:59 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-03 16:50 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-03 16:50 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 22:43 . 2008-04-16 01:27 -------- d-----w c:\program files\DNA
2009-05-02 22:42 . 2005-02-10 14:48 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 19:40 . 2008-06-04 01:54 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-02 19:16 . 2009-01-12 02:49 -------- d-----w c:\program files\Orbitdownloader
2009-05-02 19:07 . 2009-04-17 03:57 438 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{BA7CB6CD-0601-49EF-B37B-19A3F2AFBBB5}.job
2009-05-01 04:37 . 2009-04-25 22:18 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-25 01:28 . 2008-12-04 04:14 -------- d-----w c:\program files\Mp3tag
2009-04-24 04:49 . 2005-02-10 15:27 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-24 01:42 . 2008-12-21 03:51 -------- d-----w c:\program files\Winamp
2009-04-11 05:28 . 2009-02-22 03:08 400 ----a-w c:\windows\Tasks\NSSstub.job
2009-04-10 00:55 . 2005-02-11 00:38 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 00:30 . 2009-04-10 00:30 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-10 00:30 . 2009-04-10 00:30 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-05 22:07 . 2007-04-09 01:15 298 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-03 22:30 . 2007-09-03 14:50 -------- d-----w c:\program files\Common Files\Apple
2009-04-03 22:30 . 2005-02-12 04:34 -------- d-----w c:\program files\iPod
2009-04-03 21:42 . 2005-02-26 01:21 -------- d-----w c:\program files\Java
2009-03-31 00:39 . 2009-03-29 00:50 -------- d-----w c:\program files\SpywareBlaster
2009-03-26 00:25 . 2009-03-26 00:25 -------- d-----w c:\program files\Trend Micro
2009-03-25 02:39 . 2009-03-25 02:39 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-25 02:39 . 2009-03-25 02:39 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-25 02:38 . 2009-03-25 02:38 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-25 02:38 . 2009-03-25 02:38 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-25 00:06 . 2009-03-25 00:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-24 03:49 . 2005-03-04 06:59 -------- d-----w c:\program files\DivX
2009-03-24 03:48 . 2009-03-24 03:48 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-22 18:45 . 2008-09-16 00:18 -------- d-----w c:\program files\QuickTime
2009-03-22 03:55 . 2006-11-20 04:19 -------- d-----w c:\program files\Ares
2009-03-09 10:19 . 2008-12-09 03:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-15 01:24 . 2009-02-15 01:24 28672 ----a-w c:\windows\system32\ssconfig.exe
2009-02-15 01:24 . 2009-02-15 01:24 180224 ----a-w c:\windows\UninstallWSST.exe
2009-02-11 15:19 . 2009-03-25 00:05 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 . 2009-03-25 00:05 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2007-03-17 20:12 . 2007-10-19 20:38 303104 ----a-w c:\program files\Common Files\lame_enc.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-01 03:47 . 2009-03-31 02:54 324976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\SDP Multimedia\\SDP Downloader\\SDP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3728:TCP"= 3728:TCP:Gigatribe

R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-04-17 508544]
R3 CamdVideo32;CamdVideo32;c:\windows\system32\DRIVERS\CamdVideo32.sys [2008-04-17 3768]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-28 99352]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-28 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-28 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-28 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-28 566296]
R3 Dnpiesam;Dnpiesam; [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2005-11-09 32000]
R3 MDFSYSNT;MDFSYSNT; [x]
R3 nvmd;Neuratron Ltd - Virtual Midi Port SvcDesc(WDM);c:\windows\system32\drivers\nvmd2k.sys [2006-02-08 7680]
R3 tbcspud;Santa Cruz Driver; [x]
R3 tbcwdm;Santa Cruz WDM Driver; [x]
R3 vtdg46xx;vtdg46xx; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S0 MDPMGRNT;MDPMGRNT; [x]
S0 MrFilter;EasyWrite Driver; [x]
S0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\DRIVERS\ppa.sys [2001-08-17 17792]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SYMEFA.SYS [2009-04-10 00:30 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [2009-04-10 00:30 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\ccHPx86.sys [2009-04-10 00:30 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090501.001\IDSxpx86.sys [2009-04-10 276344]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [2005-06-15 49152]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe [2009-04-10 115560]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-28 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-28 555032]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-28 566296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-10 101936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-11 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-22 03:08]

2006-03-04 c:\windows\Tasks\TASKMAN.job
- c:\windows\TASKMAN.EXE [2005-02-09 12:00]

2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{BA7CB6CD-0601-49EF-B37B-19A3F2AFBBB5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.2.1:80
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
Trusted Zone: allmusic.com
Trusted Zone: bizatlarge.net
Trusted Zone: buysusa.com
Trusted Zone: careerbuilder.com
Trusted Zone: conexis.com
Trusted Zone: hrblock.com
Trusted Zone: keithpurtell.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com\office
Trusted Zone: monster.com
Trusted Zone: moveonpac.org
Trusted Zone: networksolutions.com
Trusted Zone: opm.gov\*.usajobs
Trusted Zone: songwriterstipjar.com
Trusted Zone: state.mo.us
Trusted Zone: usaa.com
Trusted Zone: wikipedia.org
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ky188m3.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1604221776-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,33,da,92,7e,f0,a6,49,91,ac,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,33,da,92,7e,f0,a6,49,91,ac,4c,\

[HKEY_USERS\S-1-5-21-1614895754-1604221776-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3372)
c:\program files\Common Files\Mediafour\1033\MACVICON.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-02 17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 22:51

Pre-Run: 36,676,186,112 bytes free
Post-Run: 36,633,522,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
345 --- E O F --- 2009-04-03 21:00

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 03 May 2009 - 02:34 PM

Did you remove the entries with Malwarebytes' Anti-Malware? The scan shows that you didn't. Combofix also removed some malware, so if you did remove Dns changer with Malwarebytes' Anti-Malware, scan again and see if they came back. If they do, do you have an external harddrive or other storage media like a thumbdrive that only occasionally gets connected to the computer, that wasn't when the scans were done? Are you behind a router with other computers on the LAN? Are they having any problems?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#7 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 03 May 2009 - 07:11 PM

I didn't remove the things Malwarebytes found because that requires a reboot which re-installs them. Don't have any occasional drives, but I am behind a router with two other computers. They are not having any problems.

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 03 May 2009 - 08:05 PM

To reset TeaTimer so that it does not remember any previous entries:

1. Edit the entries that TeaTimer uses to automatically "Allow" or "Deny" changes that were based on the use of "Remember this decision" as follows:

* Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
o Allowed processes
o Blocked processes
o Allowed registry changes
o Blocked registry changes

Note: If you don't see all four buttons, try expanding the window to the right.

* The entries that you should review are in "Allowed registry changes" and "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.

2. Reset TeaTimers snapshot files:

* TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:
o Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
+ TeaTimer closes.
+ TeaTimer's snapshot files are refreshed at this time.
o Restart TeaTimer:
+ Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
+ Double click TeaTimer.exe to start it.

Now run a full scan with Malwarebytes' Anti-Malware and remove the entries, then reboot windows and then run a full scan again. This time the entries shouldn't be restored.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#9 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 05 May 2009 - 09:13 PM

Hoov:

Partial progress. But I'm stumped. Right after I followed your recommended procedure and restarted, the normal screen came up without pop-ups. Woo-hoo! Haven't seen that in months!

But then the next time I shut down the PC and then started it up again, there was a pop-up!?
Your thoughts and recommendations?

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 05 May 2009 - 09:46 PM

Even more curious. Open Spybot in advanced mode. Go to the tools section and then to the resident section, and then uncheck the Teatimer box. Then close Spybot, run Malwarebytes' Anti-Malware and remove everything it finds. Then reboot a couple times and see if it comes back.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#11 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 06 May 2009 - 02:33 PM

Very odd. After following the steps and restarting, no pop-up. Restart again, pop-up returns.

(Also, this bug blocks the update function within Spybot, and blocks my Web browser from going to their home page to find some kind of update work-around.)

#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 06 May 2009 - 03:34 PM

Update Malwarebytes' Anti-Malware and do a full scan, post the log. And then run a scan with combofix as before and post the log. Also if you have a router, do a reset of the router, (disconnect it from the internet first) and reset the password to something secure, and then reconnect it to the internet. Also reset IE

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

The Reset Internet Explorer Settings feature restores the following items to their default settings:

* Home pages
* Search scopes
* Browsing history
* Form data
* Passwords
* Appearance settings
* Toolbars
* ActiveX controls

Additionally, the Reset Internet Explorer Settings feature disables all add-ins. However, it does not remove the add-ins.

and also reset Firefox.

Close all instances of FireFox.
Go to the start button, then to all programs, then to Mozilla FireFox, then click the Firefox Safe Mode option.

Now you will get a popup window.

Check the slections,

Disable all addons
Reset Toolbars and Controls
Reset all your user preferences to FireFox Defaults
Restore Default Search Engines.

Then click the Make changes button and run Firefox and see if it runs fine now. Let me know.

Then see if Spybot will connect and update, if it does update, run a full scan with it, and repair any problems.

Then reboot 2 times and see if the problem comes back.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#13 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 08 May 2009 - 01:56 PM

Hoov:

When you say "And then run a scan with combofix as before..." does that include tinkering with TeaTimer before (or after) running combofix?

#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:02:49 AM

Posted 08 May 2009 - 07:22 PM

You need to turn it off, yes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#15 okiewild

okiewild
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 08 May 2009 - 11:28 PM

This is the first log for Malwarbytes, set for both the C drive and the storage D drive, which I decided could be a hiding place. Next post will be ComboFix, but I didn't find a way for it to do both drives.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

5/8/2009 5:37:29 PM
mbam-log-2009-05-08 (17-37-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 387865
Time elapsed: 2 hour(s), 47 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{1968ff9b-8fa9-46c8-bf1b-2edd19d00cc7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139 85.255.112.121 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by okiewild, 09 May 2009 - 11:21 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users