

Google search redirects and lots of Trojan horses blocked


This topic is locked
12 replies to this topic

#1 robynhaas (Members, 6 posts)

Posted 02 November 2010 - 09:41 AM

Running Windows XP on a Dell. My Norton 360 has been either blocking or identifying Trojan horse viruses. One of the recent files blocked was iexplorer.exe located in my temp folder. I've noticed that when I do searches in Google that instead of going to the link I click on, I'm taken to random pages or advertisements. I wasn't able to get dds.scr to run. The command screen opens and quickly disappears. I've disabled Norton Smart Firewall and Norton Antivirus Auto-protect prior to trying to run dds.scr.

I've attached the log from gmer. If someone can help me get the dds.scr to run and create a log, I would be grateful!

Thanks,

Robyn

Attached file: ark.txt (17.63 KB)

Edited by robynhaas, 02 November 2010 - 10:56 AM.




#2 myrti (Sillyberry; Malware Study Hall Admin, 33,766 posts)

Posted 09 November 2010 - 08:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
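As an added example (not code from this thread or from the OTL tool), here is a small Python triage script for the report the scan above produces. It parses OTL's `[date | size | attributes | M/C] (company) -- path` entries and its Firefox preference lines and flags the things a helper reads the log for: hidden+system files, code under C:\WINDOWS with no company name, at.exe-style or random-named scheduled tasks, and a Firefox keyword.URL override that reroutes address-bar searches. The sample report at the bottom is constructed; every file name and URL in it is invented.

```python
"""Triage heuristics for lines of an OTL report (added example, not OTL code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One OTL file/process/service/driver entry, e.g.
#   [2010/10/17 14:33:09 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js
#   DRV - [date | size | --S- | M] (Vendor) [Kernel | Boot | Running] -- C:\...\x.sys -- (x)
# Fields: date | size | attributes (R,H,S,D or -) | M(odified)/C(reated), then the
# company from the file's version info (empty parens when absent), an optional
# service state block, the path and, for services/drivers, the service name.
ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<flag>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:\[[^\]]*\] )?"
    r"-- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Firefox preference lines, e.g.  FF - prefs.js..keyword.URL: "http://..."
FF_PREF = re.compile(r'^FF - (?P<file>prefs|user)\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$')

WINDOWS_DIRS = ("c:\\windows\\",)
CODE_EXT = (".exe", ".dll", ".sys", ".js", ".vbs", ".scr")


@dataclass
class Finding:
    subject: str                      # file path or preference name
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of one OTL entry line, or None for any other line."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None


def check_entry(e: Dict[str, Optional[str]]) -> List[str]:
    """Heuristics a malware-removal helper applies while reading the report."""
    reasons: List[str] = []
    path = e["path"] or ""
    base = path.rsplit("\\", 1)[-1]
    attrs = e["attrs"] or ""
    is_dir = "D" in attrs
    company = (e["company"] or "").strip()
    # A file carrying both hidden and system attributes is invisible in Explorer.
    if not is_dir and "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes on a file")
    # Code or script under C:\WINDOWS with no version information at all.
    if (not is_dir and company == "" and path.lower().startswith(WINDOWS_DIRS)
            and base.lower().endswith(CODE_EXT)):
        reasons.append("code file under C:\\WINDOWS with no company name")
    # Scheduled tasks: at.exe names its jobs At<N>.job, and a bare run of
    # capitals is a generated name that installers do not normally produce.
    if base.lower().endswith(".job"):
        stem = base[:-4]
        if re.fullmatch(r"[Aa]t\d+", stem):
            reasons.append("at.exe-style scheduled task")
        elif re.fullmatch(r"[A-Z]{6,12}", stem):
            reasons.append("scheduled task with random-looking name")
    return reasons


def check_ff_pref(p: Dict[str, str]) -> List[str]:
    """prefs.js only stores values changed from Firefox's defaults, so a
    keyword.URL entry means address-bar searches were rerouted somewhere."""
    if p["pref"] == "keyword.URL":
        return [f"address-bar search redirected to {p['value']}"]
    return []


def triage(report: str) -> List[Finding]:
    """Run every line of an OTL report through the heuristics above."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            reasons = check_entry(entry)
            subject = entry["path"] or line
        else:
            pref = FF_PREF.match(line)
            if pref is None:
                continue
            reasons = check_ff_pref(pref.groupdict())
            subject = f"{pref['file']}.js {pref['pref']}"
        if reasons:
            findings.append(Finding(subject, reasons))
    return findings


# Constructed sample in OTL's line format; the file names and URL are invented.
SAMPLE_REPORT = r"""
========== Files - Modified Within 30 Days ==========
[2010/11/11 13:47:22 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\QWERTYU.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/11 14:02:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/10/17 14:33:09 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\777.js
[2010/10/04 20:01:46 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\fakenotify.dll
[2010/10/14 16:59:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
DRV - [2010/08/26 10:39:46 | 000,068,880 | --S- | M] (Example Vendor) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vendor.sys -- (vendor)
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://search.example-redirect.invalid/?sid=123&s="
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.subject)
        for r in f.reasons:
            print("   -", r)
```

A hit from these heuristics is a reason to look closer, not a verdict: legitimate but unsigned third-party drivers also show an empty company field.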

 



#3 robynhaas (Topic Starter; Members, 6 posts)

Posted 11 November 2010 - 04:10 PM

Thank you for responding! I tried running MalwareBytes since the original post. It seems to have found some problems but I'm not free of this virus yet. I've copied the results here:

OTL.txt:

----------------------------
OTL logfile created on: 11/11/2010 2:26:18 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Haas\My Documents\DownloadedSoftware\BleepingComputer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.44 Gb Free Space | 70.39% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 128.53 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive G: | 495.11 Mb Total Space | 491.55 Mb Free Space | 99.28% Space Free | Partition Type: FAT32

Computer Name: OFFICE | User Name: Haas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 14:12:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haas\My Documents\DownloadedSoftware\BleepingComputer\OTL.exe
PRC - [2010/09/02 14:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/09/02 13:48:16 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/10/20 00:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 14:12:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haas\My Documents\DownloadedSoftware\BleepingComputer\OTL.exe
MOD - [2010/09/20 13:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/02 14:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/30 07:03:22 | 001,145,816 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/26 10:39:46 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 12:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/11/01 21:23:03 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101101.054\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/01 21:23:01 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101101.054\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/19 14:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101029.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/01 09:13:04 | 000,247,824 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/08/31 16:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/27 07:26:40 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/08/26 10:39:46 | 000,068,880 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/08/26 10:39:46 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/08/26 10:39:46 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/08/18 12:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/27 07:08:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/26 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/26 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/16 13:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 13:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 19:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/21 10:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/05/10 14:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-448539723-362288127-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-448539723-362288127-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-448539723-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101063100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101063100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/30 10:30:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/27 07:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010/10/05 20:13:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/08 14:04:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/08 14:04:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/18 22:19:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/09/18 22:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haas\Application Data\Mozilla\Extensions
[2010/09/18 22:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haas\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/11/01 22:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions
[2010/06/24 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/20 19:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions\2020Player@2020Technologies.com
[2010/06/24 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions\firebug@software.joehewitt.com
[2010/09/18 22:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haas\Application Data\Mozilla\Sunbird\Profiles\z45avh9w.default\extensions
[2010/11/01 22:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/20 14:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/20 14:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/10/01 17:51:32 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-448539723-362288127-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Haas\Start Menu\Programs\Startup\restart_vs.lnk = D:\Viewsonic.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-362288127-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-362288127-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/29 15:52:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/07 10:49:31 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/29 21:35:30 | 000,000,072 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 11:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haas\Application Data\Malwarebytes
[2010/11/02 11:40:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/02 11:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/02 11:40:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/02 11:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/02 09:38:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/10/14 16:59:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 16:59:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 16:58:58 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 14:20:47 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 14:20:47 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 14:19:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/11/11 14:19:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 14:19:39 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 14:02:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/11/11 13:47:22 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\XGTBWQS.job
[2010/11/11 13:47:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/03 20:33:33 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/02 22:30:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 14:14:39 | 080,811,620 | ---- | M] () -- C:\Documents and Settings\Haas\Desktop\regbackup2.reg
[2010/11/02 13:41:06 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/02 13:41:06 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/02 12:13:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/02 11:40:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 10:23:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/02 10:23:21 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/01 22:52:38 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/01 22:21:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Haas\defogger_reenable
[2010/11/01 21:38:21 | 000,663,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/10/17 22:59:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/17 14:43:11 | 000,000,334 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2010/10/17 14:33:09 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js
[2010/10/17 14:20:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Haas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/10/14 23:54:16 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 23:33:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 15:33:02 | 000,010,053 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/10/13 08:40:38 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Haas\My Documents\baby shower.xls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/02 14:14:25 | 080,811,620 | ---- | C] () -- C:\Documents and Settings\Haas\Desktop\regbackup2.reg
[2010/11/02 11:40:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/01 22:21:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haas\defogger_reenable
[2010/10/27 17:30:39 | 000,561,778 | ---- | C] () -- C:\gx280a08.exe
[2010/10/17 14:33:09 | 000,013,590 | ---- | C] () -- C:\WINDOWS\System32\235.js
[2010/10/13 11:33:20 | 000,010,053 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/10/13 08:40:37 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Haas\My Documents\baby shower.xls
[2010/10/05 20:13:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/10/04 20:01:46 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\mpnotifyt.dll
[2010/06/27 12:53:50 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Haas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 22:30:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/02/09 22:24:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/02/09 22:24:31 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/17 21:20:58 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/13 15:45:35 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/09/21 20:53:21 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/09/10 21:07:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/03 12:01:03 | 000,000,334 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2009/09/02 21:55:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/08/29 10:40:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

----------------------------

Extras.txt

----------------------------
OTL Extras logfile created on: 11/11/2010 2:26:18 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Haas\My Documents\DownloadedSoftware\BleepingComputer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.44 Gb Free Space | 70.39% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 128.53 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive G: | 495.11 Mb Total Space | 491.55 Mb Free Space | 99.28% Space Free | Partition Type: FAT32

Computer Name: OFFICE | User Name: Haas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\TEMP\alg.exe" = C:\WINDOWS\TEMP\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\TEMP\alg.exe" = C:\WINDOWS\TEMP\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}" = Subversion
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F29FA78-4E36-4888-A248-B324AE1396F8}" = H&R Block Kansas 2009
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.14
"{89C096A7-9A21-4402-9CD5-A09DA89551F0}" = PHP 5.2.11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.1
"Browser Defender_is1" = Browser Defender 3.0
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD980IS_IXUS200IS" = Canon PowerShot SD980 IS_IXUS 200 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSEHTMLVALIDATOR90_is1" = CSE HTML Validator Professional v9.03 Trial
"DVD-CLONER VI_is1" = DVD-CLONER V6.00 Build 978
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.74
"ie8" = Windows Internet Explorer 8
"Lexmark 640 Series" = Lexmark 640 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Spyware Doctor" = Spyware Doctor 8.0
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-362288127-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"homeyNews" = Homey
"TWS Demo" = TWS Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2010 12:27:12 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application hexdump.exe, version 1.0.0.0, faulting module
hexdump.exe, version 1.0.0.0, fault address 0x00002c73.

Error - 11/2/2010 12:54:35 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/2/2010 11:44:56 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application drweb.exe, version 1.0.0.0, faulting module drweb.exe,
version 1.0.0.0, fault address 0x00001a21.

Error - 11/2/2010 2:14:53 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/2/2010 2:16:43 PM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/2/2010 3:42:39 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/2/2010 3:53:03 PM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/3/2010 10:33:38 PM | Computer Name = OFFICE | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

Error - 11/3/2010 10:35:22 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.2.14.0, faulting module
libapr-1.dll, version 1.3.9.0, fault address 0x00006d1c.

Error - 11/11/2010 3:47:25 PM | Computer Name = OFFICE | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

[ System Events ]
Error - 11/2/2010 3:44:30 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Apache2.2 service terminated unexpectedly. It has done this 1
time(s).

Error - 11/2/2010 4:09:05 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).

Error - 11/2/2010 4:09:08 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/2/2010 4:09:08 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/2/2010 4:09:08 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/3/2010 10:35:50 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The Apache2.2 service hung on starting.

Error - 11/3/2010 10:35:58 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Apache2.2 service terminated unexpectedly. It has done this 1
time(s).

Error - 11/11/2010 3:48:38 PM | Computer Name = OFFICE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/11/2010 3:49:36 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The Apache2.2 service hung on starting.

Error - 11/11/2010 3:49:36 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Apache2.2 service terminated unexpectedly. It has done this 1
time(s).


< End of report >

----------------------------

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:02:12 AM

Posted 12 November 2010 - 04:25 AM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#5 robynhaas

robynhaas
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:12 PM

Posted 12 November 2010 - 05:14 PM

Here is the combofix log. Thanks!

ComboFix 10-11-12.01 - Haas 11/12/2010 13:21:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1474 [GMT -6:00]
Running from: c:\documents and settings\Haas\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\Haas\Application Data\Start
c:\documents and settings\Haas\Application Data\Start\temp_20E5ACDA\flash.9.0.115.0.ocx
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-02 17:41 . 2010-11-02 17:41 -------- d-----w- c:\documents and settings\Haas\Application Data\Malwarebytes
2010-11-02 17:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 17:40 . 2010-11-02 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-02 17:40 . 2010-11-02 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-02 17:40 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 15:38 . 2010-11-02 15:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-27 23:30 . 2006-03-13 09:52 561778 ----a-w- C:\gx280a08.exe
2010-10-14 22:59 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 22:59 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 22:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 20:04 . 2009-10-22 02:19 398744 ----a-r- c:\windows\cpnprt2.cid
2010-10-08 20:04 . 2009-10-22 02:19 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-03 16:28 . 2010-10-05 18:47 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-02 20:00 . 2010-10-06 02:13 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-09-02 20:00 . 2010-10-06 02:13 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-09-01 16:21 . 2010-10-05 18:48 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-01 15:13 . 2010-10-05 18:48 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 18:57 . 2010-10-06 02:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 13:26 . 2010-10-05 18:47 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-08-27 13:26 . 2010-10-05 18:47 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 16:39 . 2010-10-06 02:12 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-26 16:39 . 2010-10-06 02:12 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-26 16:39 . 2010-10-06 02:12 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-26 14:30 . 2010-10-06 02:13 2074 ----a-w- c:\windows\UDB.zip
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-09-03 12:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 14:36 . 2010-10-06 02:13 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-18 18:51 . 2010-10-05 18:48 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2010-09-02 108496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-16 113664]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2010 12:48 PM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [10/5/2010 12:48 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [10/5/2010 12:48 PM 656320]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/21/2010 2:45 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/21/2010 2:45 PM 173104]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/5/2010 8:12 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/5/2010 8:12 PM 68880]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 6:07 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/21/2010 2:45 PM 501888]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/5/2010 12:48 PM 247824]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/21/2010 2:45 PM 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [10/5/2010 8:13 PM 235472]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/21/2010 2:44 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2010 7:51 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101111.001\IDSXpx86.sys [10/19/2010 2:36 PM 341880]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [9/28/2009 10:41 PM 24645]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/18/2010 8:18 PM 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [10/5/2010 12:47 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [10/5/2010 8:01 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/5/2010 8:12 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 02:17]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 02:17]

2010-11-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101063100&s=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\documents and settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101063100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 13:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabgeijdmhbobjdampmdooglfeea"=hex:69,61,6d,6b,65,70,67,61,61,67,64,6e,61,63,
69,64,67,6a,00,00
"mahfcblelchmjegfifiocdomca"=hex:6a,61,65,68,69,6f,68,66,64,6d,6b,63,65,66,6f,
6e,70,6c,6c,6a,00,00
"fbehkoaenpmljimefmhlknniljgfclbgnodpppciedil"=hex:64,61,61,6c,6e,69,63,6f,00,
02

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}\InProcServer32*]
"gadghgfifkklfc"=hex:64,61,61,6c,6e,69,63,6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(824)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-11-12 13:49:06
ComboFix-quarantined-files.txt 2010-11-12 19:48

Pre-Run: 56,216,809,472 bytes free
Post-Run: 56,575,967,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1C45AD178600C8DBC9B56119D343ED25
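A reading aid for the LOCKED REGISTRY KEYS section of the log above, added here as an example; it is not part of this thread and not ComboFix's own code. ComboFix prints binary values the way a regedit export does (comma-separated hex bytes, wrapped onto a continuation line after a trailing comma), and the script below parses that form and decodes each value. The sample input is constructed from the log lines above; the "random-looking name" rule and its length threshold are this example's own assumptions. On this log all four values decode to short lowercase strings padded with NUL bytes, the same "daalnico" string sits under both the per-user Shell Extensions\Approved entry and the machine-wide InProcServer32 key for CLSID {C7EC2FAA-CC00-8737-224C-F2C58580D7F1}, and that InProcServer32 key lists no DLL path at all, which is what makes the pair worth a closer look. The FlashBroker keys in the same section hold no hex values and are simply skipped.

```python
"""Decode the REGEDIT4 'hex:' values ComboFix prints under LOCKED REGISTRY KEYS.

Added example, not part of the thread or of ComboFix. Binary values are
written as comma-separated hex bytes, wrapped after a trailing comma; a '*'
after the key name is ComboFix's own mark on keys it could not open normally.
"""
import re
import string

KEY_RE = re.compile(r"^\[(.+?)(\*?)\]$")           # [HKEY_...]  or  [HKEY_...*]
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')      # "name"=hex:69,61,...

# Constructed sample: the two flagged keys copied from the ComboFix log above.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-448539723-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}*]
@Allowed: (Read) (RestrictedCode)
"nabgeijdmhbobjdampmdooglfeea"=hex:69,61,6d,6b,65,70,67,61,61,67,64,6e,61,63,
69,64,67,6a,00,00
"mahfcblelchmjegfifiocdomca"=hex:6a,61,65,68,69,6f,68,66,64,6d,6b,63,65,66,6f,
6e,70,6c,6c,6a,00,00
"fbehkoaenpmljimefmhlknniljgfclbgnodpppciedil"=hex:64,61,61,6c,6e,69,63,6f,00,
02

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}\InProcServer32*]
"gadghgfifkklfc"=hex:64,61,61,6c,6e,69,63,6f,00,02
'''


def parse_regedit_hex(text):
    """Return [(key, flagged, value_name, data_bytes)] for every hex: value."""
    entries, key, flagged, pending = [], None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                     # continuation of a wrapped value
            name, hexpart = pending
            hexpart += line
            if hexpart.endswith(","):               # still more bytes on the next line
                pending = (name, hexpart)
                continue
            entries.append((key, flagged, name, bytes.fromhex(hexpart.replace(",", ""))))
            pending = None
            continue
        m = KEY_RE.match(line)
        if m:
            key, flagged = m.group(1), m.group(2) == "*"
            continue
        m = VALUE_RE.match(line)
        if m:
            name, hexpart = m.groups()
            if hexpart.endswith(","):
                pending = (name, hexpart)
            else:
                entries.append((key, flagged, name, bytes.fromhex(hexpart.replace(",", ""))))
    return entries


def decode_string(data):
    """Text before the first NUL if it is printable ASCII, else None."""
    head = data.split(b"\x00", 1)[0]
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and all(c in string.printable for c in text) else None


def random_looking(name, min_len=12):
    """Heuristic (assumption of this example): genuine value names are short or
    mixed-case words ('LocalizedString', 'Enabled'); a long run of nothing but
    lowercase letters is not something a normal installer writes."""
    return len(name) >= min_len and name.isalpha() and name.islower()


def report(text):
    """One row per hex value: where it lives, what it decodes to, what follows the NUL."""
    rows = []
    for key, flagged, name, data in parse_regedit_hex(text):
        head_len = len(data.split(b"\x00", 1)[0])
        rows.append({
            "key": key,
            "flagged": flagged,
            "name": name,
            "decoded": decode_string(data),
            "trailer": data[head_len:].hex(),       # bytes after the string, e.g. '0002'
            "random_name": random_looking(name),
        })
    return rows


if __name__ == "__main__":
    for r in report(SAMPLE):
        tail = r["key"].rsplit("\\", 1)[-1]
        mark = "*" if r["flagged"] else " "
        note = "  [random-looking name]" if r["random_name"] else ""
        print(f"{mark} {tail:<40} {r['name']:<45} -> {r['decoded']!r} +{r['trailer']}{note}")
```

Run as-is it prints one line per value; pointed at a whole ComboFix log it decodes every hex value in the locked-keys block, and the two heuristics (random-looking name, printable string followed by a NUL trailer) are what to eyeball first.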

#6 myrti

Posted 14 November 2010 - 06:37 PM

Hi,

please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

firefox::
FF - ProfilePath - c:\documents and settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101063100&s=

FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101063100&s=


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is the PC doing?

regards myrti

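The firefox:: section of that script lists the Firefox preferences for ComboFix to clear. Shown below is the same check done by hand: a small audit of a prefs.js or user.js file for search and homepage prefs that point somewhere they should not. This is an added example, not myrti's script and not ComboFix's code. The sample user.js is constructed from the FF lines in the log (URLs kept defanged as hxxp); the list of search-related prefs and the trusted-host list are assumptions to adjust per user. The point a practitioner should take from it: Firefox re-applies every line of user.js at startup, so a keyword.URL written there comes back after any fix made only in about:config or prefs.js, which is why the script above names the user.js entries as well as the prefs.js ones.

```python
"""Audit Firefox prefs.js / user.js for search and homepage hijacks.

Added example (not part of the thread, not ComboFix's code). Finds prefs that
send typed searches or the start page to an untrusted host and strips them.
"""
import re
from urllib.parse import urlsplit

# One pref line:  user_pref("name", value);   (plain pref(...) is accepted too)
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')

# Prefs that decide where a typed search or the start page goes.
# Assumption: this list is chosen for the example, not taken from the log.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "browser.startup.homepage",
}

# Hosts those prefs may point at. Assumption: tailor this to the user.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample: the user.js values listed in the ComboFix log above,
# written back in the syntax Firefox uses. URLs stay defanged (hxxp).
SAMPLE_USER_JS = """\
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://search.fast-find.net/?sid=10101063100&s=");
"""


def parse_prefs(text):
    """Return {pref_name: value} with strings, booleans and ints typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # comments, blank lines, non-pref lines
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def url_host(value):
    """Hostname of a URL-valued pref, or None for plain engine names like 'Google'."""
    s = re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)  # undo defanging
    if "://" not in s:
        return None
    return urlsplit(s).hostname


def audit(prefs):
    """List (pref, host, value) for search/homepage prefs aimed at untrusted hosts."""
    findings = []
    for name in sorted(set(prefs) & SEARCH_PREFS):
        value = prefs[name]
        if not isinstance(value, str):
            continue
        host = url_host(value)
        if host is not None and host.lower() not in TRUSTED_HOSTS:
            findings.append((name, host, value))
    return findings


def clean(text, findings):
    """Return the file text with the flagged pref lines removed."""
    bad = {name for name, _, _ in findings}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in bad:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = audit(parse_prefs(SAMPLE_USER_JS))
    for name, host, value in found:
        print(f"HIJACK {name} -> {host}  ({value})")
    print(clean(SAMPLE_USER_JS, found), end="")
```

Run it against both prefs.js and user.js in the profile folder shown in the log; if user.js is not also cleaned (or deleted when the user never created one), the hijacked keyword.URL is written straight back on the next start.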


#7 robynhaas


Posted 14 November 2010 - 11:44 PM

Things definitely seem better! In explorer, I couldn't view extensions of files even though I used to be able to see those. There wasn't a way to get to folder options when I was infected, but now I'm able to see more options and I can see all of my files and folders with the folder options I used to see. My Norton 360 hasn't been reacting and trying to block trojan horses.

ComboFix 10-11-12.01 - Haas 11/14/2010 22:11:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1456 [GMT -6:00]
Running from: c:\documents and settings\Haas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Haas\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-12 19:53 . 2010-11-12 19:53 -------- d-----w- c:\documents and settings\Haas\Local Settings\Application Data\Symantec
2010-11-02 17:41 . 2010-11-02 17:41 -------- d-----w- c:\documents and settings\Haas\Application Data\Malwarebytes
2010-11-02 17:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 17:40 . 2010-11-02 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-02 17:40 . 2010-11-02 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-02 17:40 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 15:38 . 2010-11-02 15:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-27 23:30 . 2006-03-13 09:52 561778 ----a-w- C:\gx280a08.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 20:04 . 2009-10-22 02:19 398744 ----a-r- c:\windows\cpnprt2.cid
2010-10-08 20:04 . 2009-10-22 02:19 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-03 16:28 . 2010-10-05 18:47 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-02 20:00 . 2010-10-06 02:13 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-09-02 20:00 . 2010-10-06 02:13 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-09-01 16:21 . 2010-10-05 18:48 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-01 15:13 . 2010-10-05 18:48 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 18:57 . 2010-10-06 02:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 13:26 . 2010-10-05 18:47 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-08-27 13:26 . 2010-10-05 18:47 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 16:39 . 2010-10-06 02:12 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-26 16:39 . 2010-10-06 02:12 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-26 16:39 . 2010-10-06 02:12 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-26 14:30 . 2010-10-06 02:13 2074 ----a-w- c:\windows\UDB.zip
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-09-03 12:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 14:36 . 2010-10-06 02:13 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-18 18:51 . 2010-10-05 18:48 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-11-12_19.40.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 04:01 . 2010-11-15 04:01 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2010-11-15 03:59 . 2010-11-15 03:59 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-11-13 00:57 . 2010-11-15 04:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-30 00:25 . 2010-11-15 04:02 786432 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-30 00:25 . 2010-11-12 01:47 786432 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-30 00:25 . 2010-11-15 04:02 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-30 00:25 . 2010-11-12 01:47 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-14 00:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2010-09-02 108496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-16 113664]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2010 12:48 PM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [10/5/2010 12:48 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [10/5/2010 12:48 PM 656320]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/21/2010 2:45 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/21/2010 2:45 PM 173104]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/5/2010 8:12 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/5/2010 8:12 PM 68880]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 6:07 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/21/2010 2:45 PM 501888]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/5/2010 12:48 PM 247824]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/21/2010 2:45 PM 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [10/5/2010 8:13 PM 235472]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/21/2010 2:44 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2010 7:51 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [10/19/2010 2:36 PM 341880]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [9/28/2009 10:41 PM 24645]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/18/2010 8:18 PM 136176]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [10/5/2010 12:47 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [10/5/2010 8:01 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/5/2010 8:12 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 02:17]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 02:17]

2010-11-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\documents and settings\Haas\Application Data\Mozilla\Firefox\Profiles\p50xqbmu.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabgeijdmhbobjdampmdooglfeea"=hex:69,61,6d,6b,65,70,67,61,61,67,64,6e,61,63,
69,64,67,6a,00,00
"mahfcblelchmjegfifiocdomca"=hex:6a,61,65,68,69,6f,68,66,64,6d,6b,63,65,66,6f,
6e,70,6c,6c,6a,00,00
"fbehkoaenpmljimefmhlknniljgfclbgnodpppciedil"=hex:64,61,61,6c,6e,69,63,6f,00,
02

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C7EC2FAA-CC00-8737-224C-F2C58580D7F1}\InProcServer32*]
"gadghgfifkklfc"=hex:64,61,61,6c,6e,69,63,6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2010-11-14 22:34:36
ComboFix-quarantined-files.txt 2010-11-15 04:34
ComboFix2.txt 2010-11-12 19:49

Pre-Run: 56,559,288,320 bytes free
Post-Run: 56,524,914,688 bytes free

- - End Of File - - 5332D159C67B3A86FBE6610CBA143DB0

#8 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 15 November 2010 - 04:20 AM

Hi,

Can you give me an example of what Norton has been blocking?
Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 robynhaas (Topic Starter)
  • Members
  • 6 posts

Posted 16 November 2010 - 11:15 PM

Norton hasn't blocked anything since we started this clean-up process. Here is a log from Norton. Things seem to definitely be running better.

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
11/11/2010 2:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
11/2/2010 10:41 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Quarantined,Resolved - No Action
11/2/2010 9:19 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 9:08 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 8:58 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 8:47 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 1:36 AM,High,tmp10.tmp (Downloader) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:36 AM,High,88.tmp (Trojan.Gen) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:35 AM,High,ynieg.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:34 AM,High,b54wbiq.dll (Downloader) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:33 AM,High,raht4es.dll (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:14 AM,High,backup-20101005-133324-165.dll (Downloader) detected by Virus scanner,Quarantined,Resolved - No Action
11/2/2010 1:01 AM,High,iexplorer.exe (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
11/1/2010 11:04 PM,High,20ab1f76-10a4e8a6 (Trojan.Zbot!gen10) detected by Virus scanner,Quarantined,Resolved - No Action
11/1/2010 10:25 PM,High,t1bxa.dll (Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action
11/1/2010 10:23 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 10:15 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
11/1/2010 10:13 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 10:02 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 9:51 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 9:41 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 9:34 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/1/2010 9:21 PM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/17/2010 10:52 PM,High,3598142038.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 10:42 PM,High,1856741717.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 9:00 PM,High,1094292936.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 8:50 PM,High,3632821278.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 7:09 PM,High,2826204022.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 6:59 PM,High,1059022616.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 5:08 PM,High,3266036323.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/17/2010 4:07 PM,High,3067131346.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/17/2010 2:25 PM,High,3928428880.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 11:59 PM,High,568638472.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 10:43 AM,High,3889038124.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 10:33 AM,High,2138380420.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 8:51 AM,High,846672564.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 8:43 AM,High,638983610.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/14/2010 1:08 AM,High,2555796804.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 2:15 PM,High,1420789490.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 2:05 PM,High,3971349082.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 12:34 PM,High,temp2.exe (temp2.exe) detected by SONAR,Quarantined,Resolved - No Action
10/13/2010 12:23 PM,High,3271047476.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 12:13 PM,High,1526952272.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 10:32 AM,High,838213166.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 10:22 AM,High,3375022758.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 10:09 AM,High,2167958650.exe (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action
10/13/2010 10:07 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/13/2010 9:36 AM,High,4203907198.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/13/2010 9:33 AM,High,2715000948.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/13/2010 8:29 AM,High,4203561994.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/13/2010 7:38 AM,High,1888540184.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/13/2010 6:36 AM,High,1248540184.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/12/2010 9:12 PM,High,761737818.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/11/2010 10:38 PM,High,3892606176.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/11/2010 9:37 PM,High,3560106176.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 11:42 PM,High,544433844.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 11:32 PM,High,3067337186.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 10:42 PM,High,1180284126.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 9:40 PM,High,444971626.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 7:07 PM,High,1435240506.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 6:57 PM,High,3974081348.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 5:17 PM,High,3757529742.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 4:14 PM,High,2045185992.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 2:33 PM,High,966290636.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/10/2010 1:38 PM,High,1201236122.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 1:37 PM,High,654517372.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/10/2010 12:33 PM,High,1404953418.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/9/2010 10:27 PM,High,247082714.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/9/2010 9:25 PM,High,3556581260.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/9/2010 6:42 PM,High,17my1c.dll (Backdoor.Tidserv) detected by Auto-Protect,Quarantined,Resolved - No Action
10/9/2010 6:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/9/2010 6:17 PM,High,700313074.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/9/2010 5:17 PM,High,273594324.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/9/2010 1:11 PM,High,1040625552.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/9/2010 12:10 PM,High,678594302.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/9/2010 1:50 AM,High,1190643672.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/9/2010 12:50 AM,High,1122206172.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/8/2010 7:27 PM,High,abi.exe (Trojan.FakeAV!gen29) detected by Auto-Protect,Quarantined,Resolved - No Action
10/8/2010 5:44 PM,Medium,tmp96.tmp (SecurityEssentialFraud) detected by Auto-Protect,Quarantined,Resolved - No Action
10/8/2010 5:42 PM,High,129826050.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/8/2010 5:32 PM,High,2680073142.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/8/2010 3:51 PM,High,2497115286.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/8/2010 2:46 PM,High,3565363832.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/8/2010 2:07 PM,High,209938680.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/8/2010 1:03 PM,High,1426312226.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/8/2010 12:58 PM,High,2738467022.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/8/2010 12:35 PM,High,2121181410.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 9:53 PM,High,3973583232.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/7/2010 9:02 PM,High,252867390.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 8:51 PM,High,2985458232.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 12:29 PM,High,2605981452.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 12:19 PM,High,859854998.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 10:38 AM,High,147990892.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 10:28 AM,High,2699644234.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 8:46 AM,High,1972780128.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 8:36 AM,High,226966174.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/7/2010 8:25 AM,High,0.2144118460311033.exe (Adware.Lop) detected by Auto-Protect,Quarantined,Resolved - No Action
10/7/2010 7:46 AM,High,2150974160.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/7/2010 6:46 AM,High,1707067910.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/6/2010 6:14 PM,High,hotfix.exe (Adware.Lop) detected by Auto-Protect,Quarantined,Resolved - No Action
10/6/2010 2:52 PM,High,1761624528.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/6/2010 2:42 PM,High,4287809120.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/6/2010 7:35 AM,High,ctfmon.exe (Trojan.FakeAV!gen32) detected by Auto-Protect,Blocked,Resolved - No Action
10/6/2010 12:23 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/6/2010 12:14 AM,High,1385309054.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/6/2010 12:06 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/5/2010 11:12 PM,High,4148713850.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 10:24 PM,High,1626173876.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 10:14 PM,High,4173764718.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 9:24 PM,High,2479524158.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/5/2010 8:23 PM,High,1613117908.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 7:42 PM,High,1588128802.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/5/2010 6:49 PM,High,1488005256.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 6:00 PM,High,127827196.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/5/2010 3:06 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/5/2010 2:56 PM,High,1610883142.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/5/2010 2:27 PM,High,3023357708.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 2:26 PM,High,2133201458.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/5/2010 2:22 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
10/4/2010 11:37 PM,High,abg.exe (abg.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 11:36 PM,High,1231489912.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 10:47 PM,High,1537667234.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 10:37 PM,High,4103226826.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 10:37 PM,High,4071351826.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 10:37 PM,High,4001508076.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 9:48 PM,High,823811852.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 9:24 PM,High,1663731904.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/4/2010 9:14 PM,High,4072728996.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/4/2010 9:06 PM,High,dkthd.exe (dkthd.exe) detected by SONAR,Removed,Resolved - No Action
10/4/2010 9:06 PM,High,dkthd.exe (dkthd.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:05 PM,High,dkthd.exe (dkthd.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:05 PM,High,xmuqper.exe (xmuqper.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:04 PM,High,abj.exe (abj.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:04 PM,High,abf.exe (abf.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:04 PM,High,abf.exe (abf.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:04 PM,High,abh.exe (abh.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:03 PM,High,xmuqper.exe (xmuqper.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 9:03 PM,High,xmuqper.exe (xmuqper.exe) detected by SONAR,Quarantined,Resolved - No Action
10/4/2010 8:12 PM,High,3043978996.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:02 PM,High,1173477542.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,gdv8ri9w8avdwqw.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,940196292.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,vvqkfy[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,vvqkfy[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,f7kkmjfeb3z5673c.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,x4ra4ywo47az2xc.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,vvqkfy[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,vvqkfy[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,wlgpqpig.exe (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:01 PM,High,sornamwexc.tmp (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
10/4/2010 8:00 PM,High,awcesxrnmo.tmp (Trojan.FakeAV!gen30) detected by Auto-Protect,Blocked,Resolved - No Action
9/27/2010 5:31 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/20/2010 4:21 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/20/2010 3:40 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/20/2010 2:24 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/13/2010 11:20 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/6/2010 4:30 PM,High,swupdate.dll (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
9/5/2010 9:22 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
9/4/2010 7:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/31/2010 9:33 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/31/2010 8:57 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/29/2010 5:56 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/22/2010 3:24 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/21/2010 2:20 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/21/2010 2:06 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/21/2010 2:06 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/21/2010 2:03 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/15/2010 12:48 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/12/2010 6:12 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/12/2010 5:44 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/12/2010 3:36 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/10/2010 10:12 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/10/2010 5:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:53 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:47 PM,High,Trojan.Gen detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:47 PM,High,Trojan.Gen detected by Virus scanner,Quarantined,Resolved - No Action
8/10/2010 4:42 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/3/2010 8:35 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/3/2010 8:17 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
7/27/2010 10:52 PM,High,17.exe (17.exe) detected by SONAR,Quarantined,Resolved - No Action
7/27/2010 10:52 PM,High,file.exe (file.exe) detected by SONAR,Quarantined,Resolved - No Action
7/25/2010 10:24 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
7/15/2010 8:21 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/15/2010 8:21 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/13/2010 11:50 PM,High,Trojan.Gen detected by Virus scanner,Quarantined,Resolved - No Action
7/13/2010 11:48 PM,High,Trojan.Gen detected by Virus scanner,Quarantined,Resolved - No Action
7/13/2010 11:43 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
7/5/2010 4:16 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/5/2010 3:30 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/5/2010 3:30 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/5/2010 3:30 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
7/5/2010 1:12 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
6/26/2010 8:57 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
6/19/2010 4:04 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
6/18/2010 6:03 PM,Medium,SpywareGuard2008 detected by Auto-Protect,Quarantined,Resolved - No Action
6/12/2010 1:24 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
6/4/2010 10:09 PM,Medium,SpywareGuard2008 detected by Auto-Protect,Quarantined,Resolved - No Action
6/3/2010 9:59 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/25/2010 8:53 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
5/25/2010 8:52 PM,High,Trojan.Mijapt detected by Virus scanner,Quarantined,Resolved - No Action
5/25/2010 8:52 PM,High,Trojan.Mijapt detected by Virus scanner,Quarantined,Resolved - No Action
5/25/2010 8:52 PM,High,Trojan.Mijapt detected by Virus scanner,Quarantined,Resolved - No Action
5/25/2010 8:52 PM,High,Trojan.Mijapt detected by Virus scanner,Quarantined,Resolved - No Action
5/25/2010 8:49 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/18/2010 6:38 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/18/2010 6:38 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/18/2010 6:38 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/18/2010 6:34 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/11/2010 4:49 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/11/2010 4:49 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/11/2010 4:49 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
5/11/2010 4:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/4/2010 2:59 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
4/25/2010 10:05 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
4/15/2010 11:35 AM,High,Trojan.ByteVerify detected by Virus scanner,Quarantined,Resolved - No Action
4/15/2010 11:35 AM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
4/15/2010 11:31 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
4/7/2010 9:49 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
3/31/2010 4:11 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
3/31/2010 4:11 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
3/31/2010 4:11 PM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
3/31/2010 4:11 PM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
3/31/2010 4:08 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
3/24/2010 1:15 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
3/16/2010 8:58 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
3/9/2010 4:27 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
3/2/2010 2:28 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
2/22/2010 9:18 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
2/15/2010 3:28 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
2/7/2010 11:07 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
1/31/2010 4:32 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
1/23/2010 9:51 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
1/16/2010 7:22 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
1/9/2010 5:48 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
1/2/2010 4:11 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
12/26/2009 12:56 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
12/18/2009 7:32 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
12/11/2009 5:49 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
12/4/2009 2:41 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
11/27/2009 12:56 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
11/20/2009 11:10 AM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
11/12/2009 11:06 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
11/4/2009 11:05 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
10/27/2009 11:19 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
10/20/2009 8:35 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
10/13/2009 12:39 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
10/6/2009 11:00 AM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
10/6/2009 11:00 AM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
10/6/2009 11:00 AM,High,Trojan Horse detected by Virus scanner,Quarantined,Resolved - No Action
10/6/2009 10:38 AM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
9/27/2009 10:20 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
9/15/2009 10:45 PM,Low,Tracking Cookie detected by Virus scanner,Removed,Resolved - No Action
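A triage pass over an export in this layout, added here as an example and not code from the thread or from Norton: it parses the CSV columns shown above (Date & Time, Risk, Activity, Status, Recommended Action) and pulls out the signals a helper reads first, a name that Auto-Protect keeps blocking, payloads with random numeric names, and the named families seen. The sample is a constructed subset of the lines in the post.

```python
"""Triage a Norton 360 'Resolved Security Risks' history export.

Added example, not code from the original post or from Norton. It reads the
CSV layout in the thread and surfaces three things: a file that Auto-Protect
keeps *blocking* (the write or launch was stopped, but whatever drops it is
still resident), freshly fetched payloads with random numeric names, and the
threat families named in the detections.
"""
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a handful of lines copied from the posted log, in the
# same layout as the full export (newest entry first, as Norton lists them).
SAMPLE = """\
Date & Time,Risk,Activity,Status,Recommended Action
11/2/2010 9:19 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 9:08 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 8:58 AM,High,iexplorer.exe (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
11/2/2010 1:36 AM,High,tmp10.tmp (Downloader) detected by Virus scanner,Quarantined,Resolved - No Action
11/1/2010 11:04 PM,High,20ab1f76-10a4e8a6 (Trojan.Zbot!gen10) detected by Virus scanner,Quarantined,Resolved - No Action
10/17/2010 10:52 PM,High,3598142038.exe (Trojan Horse) detected by Download Insight,Quarantined,Resolved - No Action
10/9/2010 6:42 PM,High,17my1c.dll (Backdoor.Tidserv) detected by Auto-Protect,Quarantined,Resolved - No Action
10/6/2010 12:23 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
"""

# Names such as 3598142038.exe: a downloader's fetched payload, not user software.
NUMERIC_EXE = re.compile(r"^\d+\.exe$")


def parse_activity(activity):
    """Split 'name (threat) detected by component' into (name, threat, component).

    Older entries in the export carry no file name ('Trojan Horse detected by
    Virus scanner'), so name is None for those.
    """
    if " detected by " not in activity:
        raise ValueError(f"unrecognised Activity field: {activity!r}")
    what, component = activity.rsplit(" detected by ", 1)
    m = re.fullmatch(r"(?P<name>.+?) \((?P<threat>.+)\)", what)
    if m:
        return m["name"], m["threat"], component
    return None, what, component


def parse_history(text):
    """Parse the export into event dicts, keeping Norton's newest-first order."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        name, threat, component = parse_activity(row["Activity"])
        events.append({
            "when": datetime.strptime(row["Date & Time"], "%m/%d/%Y %I:%M %p"),
            "risk": row["Risk"],
            "name": name,
            "threat": threat,
            "component": component,
            "status": row["Status"],
        })
    return events


def repeatedly_blocked(events, min_hits=3):
    """Names that Auto-Protect blocked at least min_hits times.

    'Blocked' stops one write or launch; it does not remove the source. The
    same name coming back every few minutes points at a resident component
    that keeps re-dropping it, which is what still needs cleaning.
    """
    hits = Counter(e["name"] for e in events
                   if e["status"] == "Blocked" and e["name"])
    return {name: n for name, n in hits.items() if n >= min_hits}


def numeric_named_executables(events):
    """Detections whose file name is just digits plus .exe."""
    return [e["name"] for e in events if e["name"] and NUMERIC_EXE.match(e["name"])]


def threat_families(events):
    """Count named detections by family, leaving tracking cookies out."""
    return Counter(e["threat"] for e in events if e["threat"] != "Tracking Cookies")


def triage(text):
    """One report dict for an export: what a helper would look at first."""
    events = parse_history(text)
    return {
        "events": len(events),
        "repeatedly_blocked": repeatedly_blocked(events),
        "numeric_payloads": numeric_named_executables(events),
        "families": threat_families(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```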

#10 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 17 November 2010 - 04:59 AM

Hi,

I'm happy to hear that.
Please run a scan with ESET to check for further leftovers:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



#11 robynhaas (Topic Starter)
  • Members
  • 6 posts

Posted 18 November 2010 - 05:31 PM

Here is the log:

F:\Documents and Settings\Haas\My Documents\DownloadedSoftware\DVD-Cloner\Build 922\dcloner.exe probably a variant of Win32/TrojanDropper.Delf.HUYYLRH trojan deleted - quarantined

#12 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 22 November 2010 - 04:12 PM

Hi,

As a next step, please update Java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Edited by myrti, 22 November 2010 - 04:20 PM.



#13 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 27 December 2010 - 07:55 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
