
Total PC Defender Virus


  • This topic is locked
17 replies to this topic

#1 indygardengal

  • Members
  • 9 posts

Posted 13 March 2010 - 10:40 AM

Have had this problem for a week after catching this Total PC Defender Virus. I am now running Comcast's Norton AV Suite and it didn't catch it nor can it clean it. I first noticed my Firefox browser being redirected. Now I can't update Spybot, Adaware, Malwarebytes, or Firefox. Norton is updating and running fine, but not catching it. Have just had Active Desktop Recovery pop up and that won't reset. Now noticing lag and inability to process nearly anything, so I'm rebooting a lot. Had to open up IE to log on here as Firefox won't start.

I've printed and read your instructions. Ran:
Defogger
D.D.S.
Gmer

I'm really banging my head on my desk over this one. I would sincerely appreciate any help. Thank you in advance. Please ask any questions.

Sincerely, Tracy

___________________________

DDS (Ver_09-12-01.01) - NTFSx86
Run by Tracy at 8:42:19.96 on Sat 03/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1244 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tracy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [stscgfx] rundll32.exe "c:\documents and settings\tracy\local settings\application data\stscgfx\stscgfx.dll", DllInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\docume~1\tracy\locals~1\temp\E_S181.tmp" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.177,93.188.166.29
TCP: {510E6928-3D20-479F-A960-E7E1FC0BF188} = 93.188.162.177,93.188.166.29
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tracy\applic~1\mozilla\firefox\profiles\ynkjgi4u.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\tracy\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-1 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-1 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-1 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100310.001\IDSXpx86.sys [2010-3-10 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-1 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-4 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100312.037\NAVENG.SYS [2010-3-13 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100312.037\NAVEX15.SYS [2010-3-13 1324720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\tracy\locals~1\temp\pciutil.sys --> c:\docume~1\tracy\locals~1\temp\PCIUtil.sys [?]

=============== Created Last 30 ================

2010-03-13 00:55:29 0 ----a-w- c:\documents and settings\tracy\defogger_reenable
2010-03-11 14:17:49 0 d-----w- c:\docume~1\tracy\applic~1\Malwarebytes
2010-03-11 14:17:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 14:17:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-11 14:17:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 14:17:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 13:25:32 0 d-----w- c:\program files\Trend Micro
2010-03-08 21:29:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-08 17:28:08 64288 ------w- c:\windows\system32\drivers\Lbd.sys
2010-03-08 17:15:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-06 20:22:18 2687512 ------w- c:\windows\system32\drivers\LV302V32.SYS
2010-03-06 20:21:51 199192 ------w- c:\windows\system32\lvci1201278.dll
2010-03-05 15:07:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Banner Maker Pro 7
2010-03-05 15:06:47 0 d-----w- c:\program files\Banner Maker Pro 7
2010-03-05 14:25:54 0 d-----w- c:\program files\Banner Maker Pro 8
2010-03-05 13:45:19 203324 ------w- c:\windows\XHeader Uninstaller.exe
2010-03-05 13:44:56 0 d-----w- c:\program files\XHeader
2010-03-05 13:44:56 0 d-----w- c:\program files\common files\Thraex Software
2010-03-02 00:52:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-01 12:52:39 26600 ------r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-01 12:52:39 107368 ------r- c:\windows\system32\GEARAspi.dll
2010-03-01 12:52:29 36400 ------r- c:\windows\system32\drivers\SymIM.sys
2010-03-01 12:52:20 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-01 12:52:20 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-01 12:52:20 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-01 12:52:20 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-01 12:52:20 0 d-----w- c:\program files\Symantec
2010-03-01 12:52:20 0 d-----w- c:\program files\common files\Symantec Shared
2010-03-01 12:50:40 0 d-----w- c:\windows\system32\drivers\N360
2010-03-01 12:50:39 0 d-----w- c:\program files\Norton Security Suite
2010-03-01 12:50:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-01 12:47:46 0 d-----w- c:\program files\NortonInstaller
2010-03-01 12:47:46 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-27 23:32:09 0 d-----w- c:\docume~1\tracy\applic~1\Facebook
2010-02-27 16:58:47 0 d-----w- c:\docume~1\tracy\applic~1\Flickr
2010-02-27 16:57:48 0 d-----w- c:\program files\Flickr Uploadr
2010-02-12 18:27:40 0 d-----w- c:\docume~1\tracy\applic~1\LimeWire
2010-02-12 18:27:29 0 d-----w- c:\program files\LimeWire

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ------w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-10-16 12:16:21 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-12-01 20:26:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

============= FINISH: 8:42:57.85 ===============


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 March 2010 - 08:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 indygardengal
  • Topic Starter

  • Members
  • 9 posts

Posted 15 March 2010 - 12:01 PM

Thank you for your attention m0le. :} Since I posted my message I ran HitMan Pro and it allowed me to update my anti-malware programs and Firefox, none of which were working. I have rerun the DDS and will post, but the GMER keeps locking up. I have no new GMER log to upload. I will not make any changes to my system from here on out unless you say so. I can't thank you enough for your help and I WILL be donating. Thanks again.

Tracy


DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Tracy at 10:31:15.89 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1157 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tracy\My Documents\My Downloads\Defogger.exe
C:\Documents and Settings\Tracy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\docume~1\tracy\locals~1\temp\E_S181.tmp" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tracy\applic~1\mozilla\firefox\profiles\ynkjgi4u.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\tracy\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-1 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-1 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-1 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-14 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-1 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-4 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100314.003\NAVENG.SYS [2010-3-14 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100314.003\NAVEX15.SYS [2010-3-14 1324720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\tracy\locals~1\temp\pciutil.sys --> c:\docume~1\tracy\locals~1\temp\PCIUtil.sys [?]

=============== Created Last 30 ================

2010-03-15 13:49:52 0 d-----w- c:\program files\Free Window Registry Repair
2010-03-14 21:43:29 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:31:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:41:03 538 ----a-w- c:\windows\system32\.crusader
2010-03-14 20:35:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-14 20:34:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-03-14 20:34:40 0 d-----w- c:\program files\Hitman Pro 3.5
2010-03-13 00:55:29 0 ----a-w- c:\documents and settings\tracy\defogger_reenable
2010-03-11 14:17:49 0 d-----w- c:\docume~1\tracy\applic~1\Malwarebytes
2010-03-11 14:17:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 14:17:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-11 14:17:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 14:17:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 13:25:32 0 d-----w- c:\program files\Trend Micro
2010-03-08 21:29:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-08 17:28:08 64288 ------w- c:\windows\system32\drivers\Lbd.sys
2010-03-08 17:15:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-06 20:22:18 2687512 ------w- c:\windows\system32\drivers\LV302V32.SYS
2010-03-06 20:21:51 199192 ------w- c:\windows\system32\lvci1201278.dll
2010-03-05 15:07:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Banner Maker Pro 7
2010-03-05 15:06:47 0 d-----w- c:\program files\Banner Maker Pro 7
2010-03-05 14:25:54 0 d-----w- c:\program files\Banner Maker Pro 8
2010-03-05 13:45:19 203324 ------w- c:\windows\XHeader Uninstaller.exe
2010-03-05 13:44:56 0 d-----w- c:\program files\XHeader
2010-03-05 13:44:56 0 d-----w- c:\program files\common files\Thraex Software
2010-03-02 00:52:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-01 12:52:39 26600 ------r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-01 12:52:39 107368 ------r- c:\windows\system32\GEARAspi.dll
2010-03-01 12:52:29 36400 ------r- c:\windows\system32\drivers\SymIM.sys
2010-03-01 12:52:20 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-01 12:52:20 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-01 12:52:20 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-01 12:52:20 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-01 12:52:20 0 d-----w- c:\program files\Symantec
2010-03-01 12:52:20 0 d-----w- c:\program files\common files\Symantec Shared
2010-03-01 12:50:40 0 d-----w- c:\windows\system32\drivers\N360
2010-03-01 12:50:39 0 d-----w- c:\program files\Norton Security Suite
2010-03-01 12:50:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-01 12:47:46 0 d-----w- c:\program files\NortonInstaller
2010-03-01 12:47:46 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-27 23:32:09 0 d-----w- c:\docume~1\tracy\applic~1\Facebook
2010-02-27 16:58:47 0 d-----w- c:\docume~1\tracy\applic~1\Flickr
2010-02-27 16:57:48 0 d-----w- c:\program files\Flickr Uploadr

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ------w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-10-16 12:16:21 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-12-01 20:26:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

============= FINISH: 10:31:53.68 ===============
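The services/drivers and "Created Last 30" sections of the DDS log above (and the matching sections of the ComboFix log later in this thread) are where a helper looks first for entries such as S3 PCIUtil, a driver registered from the user's Temp folder that DDS marks [?] because the file is no longer on disk. The Python script below is an added example, not part of this thread or of the DDS/ComboFix tools: it parses those three line formats and flags the patterns a responder would want to check by hand. The rule set, the function names and the TEMP_MARKERS/SYSTEM_DIRS lists are my own choices; the sample lines are copied from the logs posted in this thread. A flag is a prompt to look, not a verdict: the .crusader file, for instance, appears in the listing six minutes after the Hitman Pro install, so it should be checked against that tool before being treated as hostile, and EnableFirewall=0 is expected while the Norton firewall is the active one.

```python
"""Triage the service/driver, 'Created Last 30' and firewall lines of a DDS or
ComboFix log. Added example for this thread; not part of either tool."""
import re

# Service lines: "<R0|R1|R2|S3> <name>;<display name>;<image path ...> [<date> <size>]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Created-file lines: "<yyyy-mm-dd> <hh:mm:ss> <size> <attrs> <path>"
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# ComboFix's dump of the Windows Firewall profile key
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Temp folders as they appear in these logs, 8.3 or long form (my own list)
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Directories where a dot-prefixed or extensionless file name is out of place (my own list)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def image_path(rest):
    """Split the service tail into (resolved image path, bracket text).

    DDS writes 'registered --> resolved [date size]' when the two differ,
    and '[?]' when it could not find the file on disk."""
    bracket = ""
    m = re.search(r"\s*\[([^\]]*)\]\s*$", rest)
    if m:
        bracket, rest = m.group(1).strip(), rest[:m.start()]
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    return rest.strip().lower(), bracket


def triage_line(line):
    """Return the reasons a single log line deserves a closer look (empty list if none)."""
    reasons = []
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        path, bracket = image_path(m.group("rest"))
        if any(t in path for t in TEMP_MARKERS):
            reasons.append("service/driver image registered from a Temp folder")
        if bracket == "?":
            reasons.append("image file not found on disk (stale or self-deleting driver entry)")
        return reasons
    m = CREATED_RE.match(line)
    if m and not m.group("attrs").startswith("d"):      # skip directory entries
        path = m.group("path").lower()
        base = path.rsplit("\\", 1)[-1]
        if path.startswith(SYSTEM_DIRS) and (base.startswith(".") or "." not in base):
            reasons.append("oddly named file dropped in a Windows system directory")
        return reasons
    m = FIREWALL_RE.match(line)
    if m and m.group("val") == "0":
        reasons.append("Windows Firewall disabled for this profile (fine only if a third-party firewall covers it)")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; lines with nothing to report are omitted."""
    hits = {}
    for ln in lines:
        reasons = triage_line(ln)
        if reasons:
            hits[ln.strip()] = reasons
    return hits


# Lines copied from the DDS and ComboFix output posted in this thread
SAMPLE_LINES = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]",
    r"R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-1 117640]",
    r"S3 PCIUtil;PCI Utility;\??\c:\docume~1\tracy\locals~1\temp\pciutil.sys --> c:\docume~1\tracy\locals~1\temp\PCIUtil.sys [?]",
    r"2010-03-14 20:41:03 538 ----a-w- c:\windows\system32\.crusader",
    r"2010-03-11 14:17:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2010-03-15 13:49:52 0 d-----w- c:\program files\Free Window Registry Repair",
    r'"EnableFirewall"= 0 (0x0)',
]

if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LINES).items():
        print(ln)
        for w in why:
            print("   ->", w)
```

Feed it the whole log with triage(open(path).read().splitlines()); it ignores every line shape it does not recognise, so the Firefox preference dump and the registry sections pass through untouched.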


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 March 2010 - 06:14 PM

There's nothing showing on any of the logs so let's try and shut down any remaining processes and see what comes out.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up; press any key to close it once the fix is completed.
Post the contents of exehelperlog.txt (will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Then

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Finally please run Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let me know how the PC is performing after Combofix has completed its run.
m0le is a proud member of UNITE
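For reference on what the exeHelper step does: as its log later in this thread shows, it resets the .exe and .com file associations and the Winlogon userinit and shell values, which are the places a rogue AV hooks itself so that it runs in place of, or ahead of, every program the user starts. The Python script below is an added example, not from this thread or from exeHelper: it verifies those values against their stock Windows XP defaults from a .reg export (for instance one made with reg export) rather than on the live machine, so it can be run on a copy of the hive from another system. The expected-value table, the function names and the sample dump are my own; the av.exe path in the sample is a constructed placeholder for a hijacked exefile command, not a file taken from this infection.

```python
"""Check a .reg export of the keys exeHelper resets against their stock
Windows XP defaults. Added example for this thread; not exeHelper's own code."""
import re

# Values a rogue AV commonly hijacks, with the stock Windows XP defaults.
# Comparison is case-insensitive; the trailing comma on Userinit is genuine.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit"):
        r"C:\WINDOWS\system32\userinit.exe,",
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"):
        "Explorer.exe",
}

# A .reg value line: @=<data> for the key's default, or "Name"=<data>
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s):
    """Undo .reg string escaping: a backslash before a quote or backslash is dropped."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text):
    """Parse the REG_SZ subset of the .reg format into {(key, value_name): data}.

    The value name '@' stands for the key's default value. Non-string data
    (dword:, hex:) is kept verbatim so the caller can still see it."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, data = m.group("name"), m.group("data")
        if name != "@":
            name = _unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        values[(key, name)] = data
    return values


def check_hijacks(text):
    """Return {(key, value): (found, expected)} for each watched value that is
    missing from the export or differs from its stock default."""
    found = {(k.lower(), n.lower()): v for (k, n), v in parse_reg(text).items()}
    bad = {}
    for (key, name), expected in EXPECTED.items():
        actual = found.get((key.lower(), name.lower()))
        if actual is None or actual.lower() != expected.lower():
            bad[(key, name)] = (actual, expected)
    return bad


# Constructed sample export: exefile hijacked by a made-up av.exe, the rest stock.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\Tracy\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for (key, name), (actual, expected) in check_hijacks(SAMPLE_REG).items():
        print(f"{key}\\{name}\n   found:    {actual!r}\n   expected: {expected!r}")
```

On the sample this reports only the exefile command, whose launcher now runs av.exe before the real program; comfile, Userinit and Shell match their defaults. A value that is absent from the export is reported too, since a missing Userinit leaves the machine unable to log on.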

#5 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts

Posted 15 March 2010 - 08:50 PM

Thank you m0le. I ran exeHelper, RKill, then ComboFix. Posted below are the logs. Looking good so far, but haven't played around with opening and using programs yet.

Tracy.

------------------
exeHelper by Raktor
Build 20091220
Run at 21:27:51 on 03/15/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

-------------------------------
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Tracy on 03/15/2010 at 21:29:59.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Tracy\Desktop\rkill.pif


Rkill completed on 03/15/2010 at 21:30:02.

------------------------------------------------

ComboFix 10-03-15.04 - Tracy 03/15/2010 21:37:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1079 [GMT -4:00]
Running from: c:\documents and settings\Tracy\Desktop\ComFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\logs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 13:49 . 2010-03-15 14:13 -------- d-----w- c:\program files\Free Window Registry Repair
2010-03-14 21:43 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:31 . 2010-03-14 21:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:35 . 2010-03-15 15:58 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-14 20:34 . 2010-03-14 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-03-14 20:34 . 2010-03-14 20:34 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-11 14:17 . 2010-03-11 14:17 -------- d-----w- c:\documents and settings\Tracy\Application Data\Malwarebytes
2010-03-11 14:17 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 14:17 . 2010-03-11 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-11 14:17 . 2010-03-13 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 14:17 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 13:25 . 2010-03-11 13:25 -------- d-----w- c:\program files\Trend Micro
2010-03-08 21:29 . 2010-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-08 17:28 . 2010-02-04 15:53 64288 ------w- c:\windows\system32\drivers\Lbd.sys
2010-03-08 17:15 . 2010-03-08 17:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-07 13:59 . 2010-03-07 13:59 -------- d-----w- c:\documents and settings\Tracy\Local Settings\Application Data\LogiShrd
2010-03-06 20:22 . 2009-04-30 22:55 2687512 ------w- c:\windows\system32\drivers\LV302V32.SYS
2010-03-06 20:21 . 2009-04-30 22:57 199192 ------w- c:\windows\system32\lvci1201278.dll
2010-03-06 20:20 . 2010-03-06 20:23 -------- d-----w- c:\program files\Logitech
2010-03-05 15:07 . 2010-03-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Banner Maker Pro 7
2010-03-05 15:06 . 2010-03-05 15:06 -------- d-----w- c:\program files\Banner Maker Pro 7
2010-03-05 14:26 . 2010-03-05 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-05 14:25 . 2010-03-05 14:56 -------- d-----w- c:\program files\Banner Maker Pro 8
2010-03-05 13:49 . 2010-03-05 13:55 -------- d-----w- c:\documents and settings\Tracy\Local Settings\Application Data\xheader-data
2010-03-05 13:45 . 2010-03-05 13:45 203324 ------w- c:\windows\XHeader Uninstaller.exe
2010-03-05 13:44 . 2010-03-05 13:44 -------- d-----w- c:\program files\XHeader
2010-03-05 13:44 . 2010-03-05 13:44 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-03-02 00:52 . 2010-03-02 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-01 12:52 . 2010-03-01 12:51 26600 ------r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-01 12:52 . 2010-03-01 12:51 107368 ------r- c:\windows\system32\GEARAspi.dll
2010-03-01 12:52 . 2010-03-01 12:51 36400 ------r- c:\windows\system32\drivers\SymIM.sys
2010-03-01 12:52 . 2010-03-01 13:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-01 12:52 . 2010-03-01 12:52 -------- d-----w- c:\program files\Symantec
2010-03-01 12:52 . 2010-03-01 12:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-01 12:52 . 2010-03-01 12:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-01 12:50 . 2010-03-05 00:44 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-01 12:50 . 2010-03-01 12:51 -------- d-----w- c:\program files\Norton Security Suite
2010-03-01 12:50 . 2010-03-01 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-01 12:47 . 2010-03-01 12:47 -------- d-----w- c:\program files\NortonInstaller
2010-03-01 12:47 . 2010-03-01 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-01 12:44 . 2010-03-01 12:44 128 ------w- c:\documents and settings\Tracy\Local Settings\Application Data\fusioncache.dat
2010-02-27 23:32 . 2010-02-27 23:32 -------- d-----w- c:\documents and settings\Tracy\Application Data\Facebook
2010-02-27 16:58 . 2010-02-27 16:58 -------- d-----w- c:\documents and settings\Tracy\Local Settings\Application Data\Flickr
2010-02-27 16:58 . 2010-02-27 16:58 -------- d-----w- c:\documents and settings\Tracy\Application Data\Flickr
2010-02-27 16:57 . 2010-02-27 16:58 -------- d-----w- c:\program files\Flickr Uploadr
2010-02-26 08:51 . 2010-02-26 08:51 -------- d-----w- c:\documents and settings\Tracy\Local Settings\Application Data\Temp
2010-02-25 02:41 . 2010-02-25 02:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 01:08 . 2008-04-27 05:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-15 21:05 . 2008-04-27 05:33 -------- d-----w- c:\program files\PeerGuardian2
2010-03-15 21:05 . 2008-04-27 05:37 -------- d-----w- c:\documents and settings\Tracy\Application Data\BitTorrent
2010-03-15 13:38 . 2008-04-27 13:57 -------- d-----w- c:\program files\CCleaner
2010-03-14 03:55 . 2009-11-26 17:16 -------- d-----w- c:\documents and settings\Tracy\Application Data\vlc
2010-03-13 02:46 . 2010-02-12 18:27 -------- d-----w- c:\documents and settings\Tracy\Application Data\LimeWire
2010-03-08 17:16 . 2008-04-27 05:20 -------- d-----w- c:\program files\Lavasoft
2010-03-06 20:22 . 2009-01-26 14:51 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-06 20:20 . 2009-01-26 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-03-05 14:36 . 2008-04-27 05:37 -------- d-----w- c:\documents and settings\Tracy\Application Data\DNA
2010-03-05 00:46 . 2009-01-26 15:16 -------- d-----w- c:\documents and settings\Tracy\Application Data\Skype
2010-03-05 00:44 . 2008-04-27 05:37 -------- d-----w- c:\program files\DNA
2010-03-02 21:35 . 2010-03-02 21:35 348160 ------w- c:\documents and settings\Tracy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1004401f-n\msvcr71.dll
2010-03-02 21:35 . 2010-03-02 21:35 61440 ------w- c:\documents and settings\Tracy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5432b3f6-n\decora-sse.dll
2010-03-02 21:35 . 2010-03-02 21:35 503808 ------w- c:\documents and settings\Tracy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1004401f-n\msvcp71.dll
2010-03-02 21:35 . 2010-03-02 21:35 499712 ------w- c:\documents and settings\Tracy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1004401f-n\jmc.dll
2010-03-02 21:35 . 2010-03-02 21:35 12800 ------w- c:\documents and settings\Tracy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5432b3f6-n\decora-d3d.dll
2010-03-02 21:35 . 2008-04-27 14:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-02 21:35 . 2008-04-27 14:16 -------- d-----w- c:\program files\Java
2010-03-01 12:52 . 2010-03-01 12:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-01 12:52 . 2010-03-01 12:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-01 12:51 . 2010-03-01 12:51 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-01 12:51 . 2010-03-01 12:51 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-01 12:51 . 2010-03-01 12:51 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-01 12:49 . 2008-09-07 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-27 23:32 . 2010-02-27 23:32 50354 ------w- c:\documents and settings\Tracy\Application Data\Facebook\uninstall.exe
2010-02-26 06:41 . 2010-02-26 06:41 847040 ------w- c:\documents and settings\Tracy\Application Data\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ------w- c:\documents and settings\Tracy\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-25 19:31 . 2010-02-25 19:31 1955624 ------w- c:\documents and settings\Tracy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-13 18:37 . 2009-11-24 16:08 -------- d-----w- c:\program files\Google
2010-02-12 22:41 . 2010-03-16 01:43 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-12 19:06 . 2008-06-10 15:52 -------- d-----w- c:\documents and settings\Tracy\Application Data\Apple Computer
2010-02-12 18:27 . 2010-02-12 18:27 8192 ------w- c:\documents and settings\Tracy\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-02-12 18:27 . 2010-02-12 18:27 20480 ------w- c:\documents and settings\Tracy\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-02-12 18:27 . 2010-02-12 18:27 -------- d-----w- c:\program files\LimeWire
2010-02-11 17:27 . 2009-10-24 15:31 -------- d-----w- c:\documents and settings\Tracy\Application Data\WindSolutions
2010-02-11 17:27 . 2009-10-24 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2010-02-04 15:53 . 2010-03-08 17:15 2954656 -c----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 13:49 . 2008-05-09 01:20 352024 ------w- c:\documents and settings\Tracy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 00:20 . 2010-03-16 01:43 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-31 14:06 . 2008-04-27 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 14:06 . 2010-01-31 14:06 -------- d-----w- c:\program files\Ulead Systems
2010-01-22 08:18 . 2009-09-01 12:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 18:03 . 2010-01-20 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-20 18:03 . 2010-01-20 18:03 -------- d-----w- c:\documents and settings\Tracy\Application Data\Office Genuine Advantage
2009-12-31 16:50 . 2004-08-04 04:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 05:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-02-12 18:06 411368 ------w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-04-27 03:18 343040 ----a-w- c:\windows\system32\mspaint.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2009-12-18 624056]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-11-13 72192]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-03-14 5650240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/8/2010 1:28 PM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/1/2010 1:01 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/1/2010 1:01 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/1/2010 1:01 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 7:42 PM 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1229232]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/1/2010 1:01 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2010 12:42 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 2:37 PM 135664]
S3 PCIUtil;PCI Utility;\??\c:\docume~1\Tracy\LOCALS~1\Temp\PCIUtil.sys --> c:\docume~1\Tracy\LOCALS~1\Temp\PCIUtil.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 22:56 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:31]

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:37]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:37]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{B5413382-335F-4E51-B817-C25103B40CCB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Tracy\Application Data\Mozilla\Firefox\Profiles\ynkjgi4u.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Tracy\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5952)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\Mixer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-03-15 21:50:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 01:50

Pre-Run: 23,888,896,000 bytes free
Post-Run: 23,960,281,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 612024DA7A7BF49626991FB7C337F9D5


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 AM

Posted 15 March 2010 - 09:08 PM

Looks good.

Can you run an ESET online scan next, please?

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

m0le is a proud member of UNITE

#7 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 15 March 2010 - 09:09 PM

So far so good, m0le. Browsers are working great and not redirecting. No lag in running programs. All this effort to find the problem showed me how far behind I am in getting rid of unused programs and doing my general cleaning of the hard drive. I want to say all is well and good and close this out... let me know. I know tomorrow I'll be giving the computer a workout and will really find out, but pretty much spent for tonight.

Again, thanks for all your help. Please let me know where to send brownies, flowers, or my sister's cousin's first born child. <grin>

Will be donating on payday.

Tracy

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 AM

Posted 15 March 2010 - 09:18 PM

Don't miss the ESET scan, I posted at the same time as you were posting I think.

It should be good and then we can do a clean-up.

#9 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 15 March 2010 - 09:25 PM

I am running the ESET Scanner now. My IE locked up when trying to download it... so all is not good yet. :{

Tracy

#10 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 16 March 2010 - 08:19 AM

Well, I ran the scan and it took hours. It found 7 threats, BUT I forgot to save the text file. Duh!! It said it fixed them. I'll run the scan again. I'm sorry. It was late and I wasn't thinking properly. :{

Tracy

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 AM

Posted 16 March 2010 - 01:39 PM

No problem, Tracy.

#12 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 16 March 2010 - 06:09 PM

Well, the text file is lost and of course the threats didn't pop up again with another scan. I remember seeing Trojan and bagel something, but can't recall WHERE they were located. Thought I would be working all day on the computer, but have been away and will do some work to find out if things are still acting up... so far so good. Let me know if there's anything else you want me to do.

Thank you m0le

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 AM

Posted 16 March 2010 - 06:14 PM

Okay, let's run a similar scan at BitDefender to be sure. This needs to be run with Internet Explorer.


First let's clear out the temp/cache/cookies

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems, then please clear your private data. To do this, go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar.

Then close Firefox and then reopen it.


Then

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.


Now update Java

Old versions of Java are big doors to malware. JavaRa removes them and updates your version to the most current.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Please make sure you turn on the Java Automatic Update Feature

    Then you will not have to remember to update it when Java introduces a new version.
    Java is updated very frequently, and the old versions are malware magnets.

    Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.


Finally, the scan.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.


#14 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 16 March 2010 - 09:24 PM

My IE is not responding or working. :{

I have done all that you asked:
ATF Cleaner
JavaRa
BitDefender using Firefox, because IE won't work.

BitDefender log: No Threats. Yeah!

------------------------------------------

BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------

Scan date: Tue Mar 16 22:28:04 2010
Machine ID: 6CD9D7D1



No infection found.
---------------------


Processes
---------
<unsigned> FLEXnet Publisher (32 bit) 3692 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
<unsigned> LightScribe 1440 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> QuickBooks for Windows 1756 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

<verified> AcroTray - Adobe Acrobat Distiller help 2968 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
<verified> Apple Mobile Device Service 716 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> ArcSoft Connect 448 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
<verified> ArcSoft Connect 704 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
<verified> Bonjour 736 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Firefox 2208 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Intel® Common User Interface 2788 C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface 2888 C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface 2880 C:\WINDOWS\system32\igfxsrvc.exe
<verified> Java™ Platform SE 6 U18 1384 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Logitech Webcam Software 1596 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
<verified> Microsoft IntelliPoint 3636 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Microsoft IntelliPoint 1328 C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
<verified> Microsoft IntelliType Pro 3464 C:\Program Files\Microsoft IntelliType Pro\itype.exe
<verified> Microsoft® Windows® Operating System 3912 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2392 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1012 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2572 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1088 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 932 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1948 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 484 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 660 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1716 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1568 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1468 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1344 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1276 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2064 C:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified> Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\winlogon.exe
<verified> Mixer 2856 C:\WINDOWS\Mixer.exe
<verified> Nero BackItUp 1652 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
<verified> Realtek HD Audio Sound Effect Manager 2544 C:\WINDOWS\RTHDCPL.EXE
<verified> Symantec Security Technologies 1616 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
<verified> Symantec Security Technologies 3560 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
<verified> ThreatFire 744 C:\Program Files\ThreatFire\TFService.exe
<verified> ThreatFire 2156 C:\Program Files\ThreatFire\TFTray.exe
<verified> Windows Installer - Unicode 760 C:\WINDOWS\system32\msiexec.exe


Network activity
----------------
Process firefox.exe (2208) connected on port 80 (HTTP) - a96-17-229-115.deploy.akamaitechnologies.com
Process firefox.exe (2208) connected on port 80 (HTTP) - iw-in-f100.1e100.net
Process firefox.exe (2208) connected on port 80 (HTTP) - *.112.2o7.net
Process firefox.exe (2208) connected on port 80 (HTTP) - a173-223-76-20.deploy.akamaitechnologies.com

Process svchost.exe (1344) listens on ports: 135 (RPC)
Process QBCFMonitorService.exe (1756) listens on ports: 8019


Autoruns and critical files
---------------------------
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe

<verified> AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
<verified> Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> Hitman Pro C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
<verified> IntuitSyncManager C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Logitech Vid C:\Program Files\Logitech\Logitech Vid\vid.exe
<verified> LWS.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Microsoft IntelliType Pro C:\Program Files\Microsoft IntelliType Pro\itype.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Mixer C:\WINDOWS\Mixer.exe
<verified> Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
<verified> ThreatFire C:\Program Files\ThreatFire\TFTray.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> Broderbund Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
<unsigned> Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
<unsigned> VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll

<verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe PDF Toolbar for IE c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles/ynkjgi4u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles/ynkjgi4u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> BitTorrent C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
<verified> DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
<verified> EPSON Web-To-Page c:\program files\epson\epson web-to-page\epson web-to-page.dll
<verified> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Norton Confidential c:\program files\norton security suite\engine\3.8.0.41\coieplg.dll
<verified> nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
<verified> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> RealPlayer Version Plugin C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
<verified> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Symantec Intrusion Detection c:\program files\norton security suite\engine\3.8.0.41\ipsbho.dll
<verified> Turner Media Plugin 1.0.0.10 C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
<verified> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.22 KB recvd
Scanned 826 files and modules - 10 seconds



#15 indygardengal

indygardengal
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:53 AM

Posted 16 March 2010 - 10:05 PM

I downloaded IE8. It removed the older version and installed the latest, but it too is locking up. There's a gremlin in my machine. :{



