Really difficult problem still present


  • This topic is locked
24 replies to this topic

#1 kspoor


  • Members
  • 25 posts

Posted 26 January 2011 - 12:53 PM

http://www.bleepingcomputer.com/forums/topic374839.html/page__gopid__2109027#entry2109027

- - -

DDS.txt file


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michele at 8:55:03.81 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.94 [GMT -5:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michele\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295466263625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: umuwrlcc - umuwrlcc.dll
Notify: vtutqpo - vtutqpo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michele\applic~1\mozilla\firefox\profiles\561hx8l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-20 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-1-19 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-25 91456]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-6 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110118.001\IDSXpx86.sys [2011-1-20 341944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-25 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-25 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-25 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-25 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-25 9472]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVENG.SYS [2011-1-20 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVEX15.SYS [2011-1-20 1360760]

=============== Created Last 30 ================

2011-01-25 15:50:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 15:49:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 15:49:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:08:41 98816 ----a-w- c:\windows\sed.exe
2011-01-20 19:08:41 89088 ----a-w- c:\windows\MBR.exe
2011-01-20 19:08:41 256512 ----a-w- c:\windows\PEV.exe
2011-01-20 19:08:41 161792 ----a-w- c:\windows\SWREG.exe
2011-01-20 19:08:04 -------- d-s---w- C:\ComboFix
2011-01-20 14:00:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-19 18:42:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-19 18:42:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 18:42:02 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-19 18:16:25 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-01-19 18:16:24 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-19 18:15:32 -------- d-----w- c:\docume~1\michele\applic~1\TuneUp Software
2011-01-19 18:15:03 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-01-19 18:14:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2011-01-19 18:14:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-01-19 13:52:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-19 13:52:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-19 13:51:34 -------- d-----w- C:\VIPRERESCUE
2011-01-19 13:23:18 -------- d-----w- c:\docume~1\michele\applic~1\Malwarebytes
2011-01-19 13:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2010-12-02 01:53:50 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-02 01:53:47 104 --sh--r- c:\windows\system32\64ADFFF807.sys

============= FINISH: 8:56:26.46 ===============

- - -

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-26 12:46:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400VE-75HDT1 rev.11.07D11
Running: gmer.exe; Driver: C:\DOCUME~1\Michele\LOCALS~1\Temp\uwldypow.sys


---- System - GMER 1.0.15 ----

SSDT 81FB9268 ZwAlertResumeThread
SSDT 81FB9348 ZwAlertThread
SSDT 81FB9C58 ZwAllocateVirtualMemory
SSDT 8141C9D8 ZwAssignProcessToJobObject
SSDT 82080188 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA960C210]
SSDT 8141CF80 ZwCreateMutant
SSDT 8141C7F8 ZwCreateSymbolicLinkObject
SSDT 81A3B340 ZwCreateThread
SSDT 8141CAB8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA960C490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA960C9F0]
SSDT 81FB9E28 ZwDuplicateObject
SSDT 81FB9A78 ZwFreeVirtualMemory
SSDT 81FB90A8 ZwImpersonateAnonymousToken
SSDT 81FB9188 ZwImpersonateThread
SSDT 81C5D818 ZwLoadDriver
SSDT 81FB9978 ZwMapViewOfSection
SSDT 8141CEA0 ZwOpenEvent
SSDT 81FB9008 ZwOpenProcess
SSDT 81FB9D48 ZwOpenProcessToken
SSDT 8141CCE0 ZwOpenSection
SSDT 81FB9F18 ZwOpenThread
SSDT 8141C8E8 ZwProtectVirtualMemory
SSDT 81FB9428 ZwResumeThread
SSDT 81FB96C8 ZwSetContextThread
SSDT 81FB97A8 ZwSetInformationProcess
SSDT 8141CB98 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA960CC40]
SSDT 8141CDC0 ZwSuspendProcess
SSDT 81FB9508 ZwSuspendThread
SSDT 81A53430 ZwTerminateProcess
SSDT 81FB95E8 ZwTerminateThread
SSDT 81FB9898 ZwUnmapViewOfSection
SSDT 81FB9B68 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501DE0 4 Bytes CALL 06D15FAD
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2256] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat A7B2BD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\mckinley-pdsm[1].jpg 4808 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\mckinley-pd[1].jpg 17533 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\mq4m_myplaces[1].png 14152 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\mqa.module.gaspricestogglecontrol[1].css 56 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\shared[1].js 40729 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\shopping[1].png 1541 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\show_ads[1].js 52558 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\skater1[1].jpg 103724 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\spider[1].jpg 23431 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\sprite_locations[1].gif 4100 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\spr_apps_us[1].png 3882 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\stop_0[1].gif 597 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\support.product[1].css 2626 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\tamparetirementsm[1].jpg 5540 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\teenpilot_vmsm[1].jpg 1853 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\tips_y[1] 52 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\tips_Y[2] 52 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\promo_bar[1].htm 11401 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\p[1].gif 43 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\p_706712582=1[1].txt 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\p_706712582=8[1].txt 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\netflix_32x32_40288b13290091e401291eeac54f052c[1].png 3866 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\node_delta_bar_back[1].jpg 314 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\NOF_160x600_SubLoad[1].swf 65762 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\noscript[1].css 77 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\opry1[1].jpg 16602 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\yregbase_sec_ui_1_9[1].css 11776 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\q1444824056_6104[1].jpg 2491 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\q[1].gif 43 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\r8625b2w[1].css 774 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\RoutingVersion[1].txt 105 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\scotttrade_fullbutton[1].gif 2444 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\screen[1].css 63902 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\like_icon[1].gif 2041 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\loader.js[1].pre$locale=en_US&profile=dotcom2-mymqheader 74334 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\overlay_bg[1].png 26402 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\PhotoAlbum7[1].jpg 3308 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\pixel[1].gif 42 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\poles1[1].jpg 17666 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\9Q1EVHV2\volvo_s60_yahoo[1].jpg 2786 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\ptosponsors[1].gif 4184 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\tile150x200[1].png 8641 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\tile_back[1].png 26440 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\toparts-e7f1ef431f6f-sm[1].jpg 1080 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\trans[1].gif 44 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\twitter_20100602[1].gif 425 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\uh_sprites_1.5-1.0.3[1].png 3058 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\uh_sprites_1.5-1.0.3[2].png 3058 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\google_custom_search_watermark[1].gif 1367 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\virusresults[1].html 15984 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\Vonage_Smile14.99_NC%20_160x600[1].swf 37426 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\warstorm-banner-warstormblueguy120100908-1284168032507[1].png 5980 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\wikibits[1].js 31311 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\WORD_LOOKUP_DIALOG[1] 1656 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\xd_receiver[2].htm 374 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\ybang_logo_small[1].gif 444 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\_all_adc_yui[1].js 78178 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\BEOJLMMG\UnisexFace8[1].swf 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\globe224[1].png 110699 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\greenbarX3[1].png 209 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\guy_envelope_ocean[1].gif 3177 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\Haiti_BG_2[2].png 75671 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\header-current-offer[1].jpg 5413 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\app_2_122753887736842_1500[1].gif 3230 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\app_2_2254487659_1473[1].gif 3649 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\app_4_2359239297_9159[1].gif 253 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\app_full_proxy[1].gif 3973 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\arrow-right[1].png 184 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\quant[1].js 5043 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\reset_2.0.0-b4[1].css 437 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\rs_right_sm[1].gif 767 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\screen[1].css 1972 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\cae3cf873ff386f7d1d06ff235003fae[1].png 9594 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\Card2_MQTraffic[1].png 21258 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\Card5_MQSend[1].png 3880 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\carfinder_20080114a[1].png 19651 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\plugins.combined.min[1].js 87017 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\portal-break[1].png 242 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\preview-br[1].gif 66 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\t640095384_10150208006915385_1503[1].jpg 5082 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\tn[1].jpg 4172 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\tn[2].jpg 3912 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\toparts-9e683a4f3ea7-sm[1].jpg 1352 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\blank[1] 43 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\blank[1].html 716 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\btn-buildprice-off[1].jpg 2842 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\btn-find-dealer-off[1].jpg 1237 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\BTN_play[1].png 4658 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\bz2c8vl5[1].png 151 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\marker[1].png 858 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\nothing[1].gif 44 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\No_Ordinary_Family_160x600_imu[1].swf 38833 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\om-min[1].js 18517 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\pg_569_ABSENCE%20REPORTING[1].doc 30720 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\mapCAWJ71H1.jpg 12278 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\map[4].jpg 10347 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\map[5].jpg 10409 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\map[9].jpg 11142 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\d0a01d726e8422a0ecfb1265908e5d82[1].png 7900 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\data[1].css 4946 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\data_sync[1].htm 26 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ea1358ec48203a0d727a70833140916d[1].mp3 83908 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\eafd6f8389f76d8fa412bf42f7b404ed[1].png 11866 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\eec71b57d980d5826a4accd5b3739691[1].swf 8398 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ejut8v2y[1].gif 1900 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\f338a0d55150ab2e2eae7c794c52ad49[1].png 13918 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\fbzbar_bg[1].png 37634 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\fcd468679c2ed8b0933788801f39b5f4[1].swf 41467 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\fd9f310bee2047fa[1].js 16755 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\FeatureLoader.js[1].php 18411 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\first_degree[1].php 20676 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\uploader-2_7[1].swf 6920 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\util[1].js 3106 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\Vector.combined.min[1].js 11384 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ycw.v4c[1].js 3611 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\yellowBox[1].png 50076 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\combo[1] 51675 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\combo[2] 6533 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\combo[3] 39438 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\common[1].css 9659 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\common_bgs_20080305a[1].png 6074 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\crafting.xml[1].gz 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\first_degree[3].php 71079 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\first_degree[4].php 20676 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\fixH1Size[1].js 3701 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\fonts_2.0.0-b4[1].css 319 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\foresee-surveydef[1].js 7747 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\frontierville-banner-fr1daysalered20100928-12856930903828[1].png 3591 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\gallery-thumb-01[1].jpg 1554 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\gamePop_petville[1].png 4784 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ga[1].js 25137 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\get_adobe_reader[1].png 2597 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\gift_confirm_gift[1].png 890 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\adchoice_1.1[1].png 300 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\addthis-mini[1].gif 924 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\aku19f0e[1].png 247 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\sprite_whats_new_tab[1].gif 1555 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\SpryDOMUtils[1].js 17605 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\SpryJSONDataSet[1].js 9751 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\startup[1].js 29350 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\strings[1].js 148690 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\swfobject[1].js 9759 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ironman_600x550[1].swf 4505 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\itwitter[1].png 570 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\live[1].js 15345 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\loginsprite_2_18_2010[1].png 960 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\logo_farmville[1].png 18371 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\mapCA3IG7LT.jpg 11829 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\b2a70061936078ecea7e5e6047ec7ffb[1].swf 11488 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\ba87c64b1f20e3e7898b0dc28b2173a6_1[1].js 26829 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\bc_2.0.4[1].js 2040 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\bg-layout-b-overview-mid[1].jpg 645 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\exp_PROD_300x250_bnr_092410_r11[1].swf 56218 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\first_degree[2].php 71079 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\J5X4B97B\global[1].js 1784 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\overlay_background[1].png 318288 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\page-fade[1].png 253 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\parking[1].png 1461 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\pocket[1].css 2691 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\ai[1].htm 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\Somnapure_ArticleTest_StayAsleep_160x600[1].gif 19395 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\spacer[1].gif 43 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\sprite_dialog[1].gif 7738 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\sprite_header[1].gif 7678 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\sprite_ltdrk_20091211_ltr[1].png 3885 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\SpryData[1].js 83434 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\superads_iframe_content[1].htm 3873 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\tab-break[1].png 263 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\tab-normal-fade[1].png 254 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\test_domain[1].js 52 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\tn48[1].jpg 4752 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\toparts-4b30731c566b-sm[1].jpg 1126 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\uh_rsa-1.0.5[1].css 9971 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\uh_rsa-1.0.9[1].js 4496 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\video_med_post[1].swf 304020 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\virusresults[1].html 15983 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\reader_icon_special[1].jpg 20325 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\right-bar[1].gif 1336 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\rightcard_rebuild_160x600[1].swf 24897 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\rs_slight_left_sm[1].gif 757 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\safe_image[1].jpg 2492 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\scotttrade_orangebutton[1].gif 2306 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\screen[1].css 34783 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\screen[2].css 6378 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\map[5].jpg 16327 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\map[6].jpg 10460 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\marriage2-sm[1].jpg 5239 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\mqa.module.printfriendly[1].js 4716 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\mqa.module.splitpanecontrol[1].css 521 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\mqa.module.streetview360[1].js 28433 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\promoOutline_bg[1].png 2711 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\promo_bar[1].htm 11401 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\prototype[1].js 126176 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\word42[1].png 2420 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\XdCommReceiver[1].js 3386 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\XFBML[1] 211526 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\x_1[1].gif 159 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\yahoo_logo_us_061509[1].png 1750 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\ybang_22_111908[1].png 980 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\yfpad_fpad100621[1].js 5675 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\Nav_Spacer[1].gif 0 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\ProgramListDR_120x600_button_greyRed[1].swf 9952 bytes
File C:\Documents and Settings\Michele\Local Settings\Temporary Internet Files\Content.IE5\YE7VUNY0\Wikipedia-logo-v2-en[1].png 0 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\0201E07826.gif 1890 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\12FA0FCD2A0DCFF2FA224714044E3B8F.gif 1624 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\163E029FD60F6AF4389DE757F06B4BF6.gif 1697 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\19265621A9DE70C353CEB83089FE4998.gif 1842 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\1B71064537B7C6A57AC8DC85D332FECF.jpeg 1562 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\1FC950A189F6E01C49B395B98A2CD30A.gif 2231 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00000087.gif 6136 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B000005E0.gif 1894 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B000008CC.gif 3584 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00001380.gif 1922 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00001D85.gif 6372 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00001D9B.gif 1890 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00002B40.gif 2472 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2B00002F14.gif 6817 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\2DFFD18C7C040F428B57D82F94635A0B.gif 3639 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\378147E15AAA1714E8FEE9BA67696A05.gif 561 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\6903B71BA308C73090ACD8973FC74CF4.gif 6035 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\72B1E2E00A63DE6AB3CA20EC38D3877B.gif 2424 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\791E64ECC90943AD17562C6AD2E28644.jpeg 1095 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\83486C6BA406C1A494AC6A6F5EB0EFDB.gif 3636 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\93052E10FCB6A3293880294D361EA707.gif 1756 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\9993C25430C35EBF59C963F084AF6E5F.gif 6987 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\9CCEB5E1C52F5988D10512E10C6B8288.gif 6834 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\A9C3EC3AE24C73AE15975D1B33F5E5A0.gif 2804 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\C63B2922FCFDF1B6FD6444B6D7CDB8FD.gif 4422 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\39EEF6BA8AD639F31C27740202270F64.gif 3488 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\39FE6446C597625235B85A127BF570DA.jpeg 2350 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\3BEA714E9AD40A8A468FE167266B5369.gif 6142 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\4CC1584D0530AE0A624F366FFB242500.gif 1034 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\5AEDC87F9BBDCC068A2F9ABF20861218.gif 2451 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\5EE39EC55F27C29BDCDB81BED944A8D4.jpeg 1703 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\66E52E58CCF383B8FF82C13F25F81340.gif 5771 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\D580136C0DD55B1BCF577E718FFD22CC.gif 6587 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\D9F1CDFD260F76FFE6DADBC7012D9C82.gif 7099 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\DE00FBC433258886F010B447D9E05384.gif 370 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\EC1A69877AD13F5BD612B4C853CCD0F6.gif 3720 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\F333C87BC48DEF23337065F4C9CA2873.gif 1680 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\F8857D49CEB9252BCFF8EECD6790CD4B.gif 1186 bytes
File C:\Documents and Settings\Zack\Local Settings\Temp\aolbartcache\1\FD5B9D24D92F7B41D2CEE71090EA1B5E.gif 3654 bytes

---- EOF - GMER 1.0.15 ----


Any ideas? Hopefully there is something here you recognize... and can tell me how to KILL!

Thanks...

Attached Files



#2 rigacci

    Fiorentino

  • Members
  • 2,604 posts
  • Gender:Male
  • Local time:08:32 PM
Posted 31 January 2011 - 08:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR
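When the DDS log comes back, the section an analyst reads first is the "Pseudo HJT Report", and within it the Winlogon "Notify:" entries, because a Notify DLL is loaded by winlogon.exe at every logon and runs with its privileges. The script below is an added example for this thread, not code from DDS, its author sUBs, or anyone posting here: it pulls the Notify entries out of a DDS report and flags those whose DLL is not on a short allowlist of handlers expected on a Windows XP machine. The input is the relevant lines of the log posted later in this thread, copied verbatim; the allowlist and the corroborating "subkey name equals DLL name" check are assumptions of the example, and a flagged entry is a candidate for manual review (pull the file from system32, hash it, check its signature), not a verdict.

```python
import re
from dataclasses import dataclass

# Excerpt of the "Pseudo HJT Report" section of the DDS log posted later
# in this thread. Lines are copied as posted; none of them is constructed.
DDS_EXCERPT = r"""
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
Notify: igfxcui - igfxdev.dll
Notify: umuwrlcc - umuwrlcc.dll
Notify: vtutqpo - vtutqpo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
"""

# Winlogon Notify DLLs that ship with Windows XP or with the Intel display
# driver. This allowlist is an assumption of the example, not something DDS
# reports; build the real one from a known-clean machine of the same build.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
    "wlnotify.dll", "wgalogon.dll", "igfxdev.dll",
}

# DDS prints one Notify entry per line as "Notify: <subkey> - <dll>".
NOTIFY_RE = re.compile(r"^Notify:\s+(?P<key>\S+)\s+-\s+(?P<dll>\S+)\s*$")


@dataclass
class NotifyFinding:
    key: str        # Winlogon\Notify subkey name
    dll: str        # DllName value as printed by DDS
    reasons: list   # why the entry was flagged, most important first


def parse_notify_entries(text):
    """Return (subkey, dll) pairs for every 'Notify:' line in a DDS report."""
    entries = []
    for line in text.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("dll")))
    return entries


def triage_notify(text, known=KNOWN_NOTIFY_DLLS):
    """Flag Winlogon Notify entries whose DLL is not an expected handler.

    An entry is reported only when its DLL is absent from the allowlist;
    the other reasons are corroborating observations for the reviewer.
    """
    known_lower = {k.lower() for k in known}
    findings = []
    for key, dll in parse_notify_entries(text):
        if dll.lower() in known_lower:
            continue
        reasons = ["not in allowlist of expected Notify handlers"]
        stem = dll.lower().rsplit(".", 1)[0]
        # Legitimate handlers usually carry a product-style name that differs
        # from the subkey (igfxcui -> igfxdev.dll); a subkey that simply
        # repeats the DLL stem is worth a second look.
        if key.lower() == stem:
            reasons.append("subkey name equals DLL name")
        # No directory means the DLL is found through the normal search
        # order at logon, so the reviewer must locate the actual file.
        if "\\" not in dll:
            reasons.append("bare filename, no path recorded")
        findings.append(NotifyFinding(key, dll, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_notify(DDS_EXCERPT):
        print(f"{f.key:12s} {f.dll:16s} {'; '.join(f.reasons)}")
```

Run against the excerpt, the script reports the two entries whose DLL names match nothing on the allowlist and leaves igfxdev.dll alone. The same loop extends naturally to the Run/SSODL lines (flag executables living under Temp or Application Data), but the Notify section is where a bare, unfamiliar DLL name matters most, since winlogon.exe loads it before any user session exists.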

#3 kspoor
  • Topic Starter

  • Members
  • 25 posts
  • Local time:07:32 PM

Posted 31 January 2011 - 01:46 PM

First - thank you for your assistance with this problem...

Windows XP sp3

Computer is extremely slow - especially during shut down - takes longer than 5 minutes to shut down.

I ran the following so far (before Bleeping Computer):

vipreRescue
MalwareBytes AntiMalware
TuneUtilities 2010

Each scan found items that needed to be cleaned - or removed, but still the computer is slow to shut down...

The biggest error that I have found is that although I can surf the internet I CAN NOT connect to Windows Update!

So I am assuming that something is still present making this computer useless.

During the GMER scan I received this error:

gmer.exe - Corrupt File
The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.

I await your suggestions - Logs attached.

Attached Files



#4 kspoor
  • Topic Starter

  • Members
  • 25 posts
  • Local time:07:32 PM

Posted 31 January 2011 - 01:48 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Michele at 10:41:53.50 on Mon 01/31/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.142 [GMT -5:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michele\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295466263625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: umuwrlcc - umuwrlcc.dll
Notify: vtutqpo - vtutqpo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michele\applic~1\mozilla\firefox\profiles\561hx8l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-20 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-1-19 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-25 91456]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-6 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110118.001\IDSXpx86.sys [2011-1-20 341944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-25 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-25 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-25 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-25 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-25 9472]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVENG.SYS [2011-1-20 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVEX15.SYS [2011-1-20 1360760]

=============== Created Last 30 ================

2011-01-25 15:50:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 15:49:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 15:49:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:08:41 98816 ----a-w- c:\windows\sed.exe
2011-01-20 19:08:41 89088 ----a-w- c:\windows\MBR.exe
2011-01-20 19:08:41 256512 ----a-w- c:\windows\PEV.exe
2011-01-20 19:08:41 161792 ----a-w- c:\windows\SWREG.exe
2011-01-20 19:08:04 -------- d-s---w- C:\ComboFix
2011-01-20 14:00:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-19 18:42:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-19 18:42:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 18:42:02 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-19 18:16:25 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-01-19 18:16:24 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-19 18:15:32 -------- d-----w- c:\docume~1\michele\applic~1\TuneUp Software
2011-01-19 18:15:03 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-01-19 18:14:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2011-01-19 18:14:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-01-19 13:52:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-19 13:52:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-19 13:51:34 -------- d-----w- C:\VIPRERESCUE
2011-01-19 13:23:18 -------- d-----w- c:\docume~1\michele\applic~1\Malwarebytes
2011-01-19 13:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2010-12-02 01:53:50 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-02 01:53:47 104 --sh--r- c:\windows\system32\64ADFFF807.sys

============= FINISH: 10:42:55.60 ===============
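
The "Created Last 30" and "Find3M" sections of the DDS log above are where a helper looks for files dropped in a burst and for files carrying hidden/system attributes. The following is an added example, not code from DDS, ComboFix or anyone in this thread: a small Python parser for the DDS file-list format (one timestamp per line; ComboFix's two-timestamp form is not handled) that groups entries created within a short window of each other and lists hidden/system entries for review. The sample input is constructed to match lines in the posted log; the 120-second window is an arbitrary assumption, and a flagged entry is only a candidate for inspection, since legitimate OS and licensing components set these attributes too.

```python
"""Triage helper for the DDS 'Created Last 30' / 'Find3M' file lists.

Added example for this thread; it is not part of DDS, ComboFix or the
posted logs. Assumed line format (taken from the log above):

    YYYY-MM-DD HH:MM:SS <size | -------- for directories> <8 attr flags> <path>

Attribute flags as printed by DDS: d=directory, s=system, h=hidden,
a=archive, r=read-only, w=writable, '-' when unset.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"  # creation timestamp
    r"(\d+|-+)\s+"                                # size, or dashes for a directory
    r"([-a-z]{8})\s+"                             # attribute flags
    r"(.+?)\s*$"                                  # path (may contain spaces)
)

Entry = namedtuple("Entry", "when size attrs path")

# Constructed sample, patterned on the DDS log posted above.
SAMPLE = r"""
2011-01-25 15:50:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 15:49:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 15:49:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:08:41 98816 ----a-w- c:\windows\sed.exe
2011-01-20 19:08:41 89088 ----a-w- c:\windows\MBR.exe
2011-01-20 19:08:04 -------- d-s---w- C:\ComboFix
2011-01-19 18:14:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-12-02 01:53:50 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-02 01:53:47 104 --sh--r- c:\windows\system32\64ADFFF807.sys
"""


def parse_dds_created(text):
    """Return an Entry for every line matching the DDS file-list format.
    Section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = None if m.group(2).startswith("-") else int(m.group(2))
        entries.append(Entry(when, size, m.group(3), m.group(4)))
    return entries


def cluster_by_time(entries, window_seconds=120):
    """Group entries, newest first, chaining any entry created within
    window_seconds of the previous member. Files written by one installer
    (or one dropper) tend to land in the same cluster, which reads more
    easily than a flat timeline."""
    clusters = []
    for e in sorted(entries, key=lambda e: e.when, reverse=True):
        if clusters and clusters[-1][-1].when - e.when <= timedelta(seconds=window_seconds):
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def hidden_or_system(entries):
    """Entries carrying the hidden (h) or system (s) attribute. Malware
    likes these flags, but legitimate OS and licensing components use them
    too, so this is a review list, not a verdict."""
    return [e for e in entries if "h" in e.attrs or "s" in e.attrs]


def summarize(text, window_seconds=120):
    """Parse, cluster and flag in one call; returns plain data for reporting."""
    entries = parse_dds_created(text)
    clusters = cluster_by_time(entries, window_seconds)
    return {
        "entries": len(entries),
        "cluster_sizes": [len(c) for c in clusters],
        "flagged": [e.path for e in hidden_or_system(entries)],
    }


if __name__ == "__main__":
    for group in cluster_by_time(parse_dds_created(SAMPLE)):
        print(f"--- {group[-1].when:%Y-%m-%d %H:%M:%S} .. {group[0].when:%H:%M:%S} ({len(group)} items)")
        for e in group:
            mark = "  [hidden/system]" if "h" in e.attrs or "s" in e.attrs else ""
            print(f"  {e.attrs} {e.path}{mark}")
```

On the sample, the Malwarebytes files, the ComboFix support binaries and the two Find3M entries each fall into their own cluster, which is the point: a burst of writes in system32 that does not line up with a known install is what deserves a second look, and the attribute list narrows that further.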

#5 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 01 February 2011 - 05:34 AM

Hello and welcome to Bleeping Computer. :)

*Please enable topic reply notification, follow step # 4 -> Here.

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please do not attach logs unless instructed.

*You must reply within 5 days otherwise this topic will be closed.


==================================

I can see from your log that you have already run ComboFix; can you please post the contents of C:\ComboFix.txt?


Note:

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.


~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#6 kspoor
  • Topic Starter
  • Members
  • 25 posts

Posted 01 February 2011 - 06:12 AM

I started ComboFix and quit it after realizing that it was WAY above what I knew to be able to fix a computer - found it on MajorGeeks - saw the warning about using it at your own risk. Started it - terminated it and found BleepingComputer as a source to possibly help with my computer problems... I have been doing each and every step as instructed and not skipping anything.

From last week on I have done nothing with the computer - unless told to by your techs, per your instructions.

Thank you

#7 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 01 February 2011 - 08:28 AM

Thanks for the feedback.


Now, please delete your copy of ComboFix (do not uninstall) then download and run a new copy:

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#8 kspoor
  • Topic Starter
  • Members
  • 25 posts

Posted 01 February 2011 - 09:39 AM

ComboFix 11-01-31.02 - Michele 02/01/2011 8:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.162 [GMT -5:00]
Running from: c:\documents and settings\Michele\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Live Safety Center.lnk
c:\documents and settings\Zack\Desktop\Live Safety Center.lnk
c:\documents and settings\Zack\Favorites\Online Security Guide.lnk
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\mbols~1
c:\windows\system32\umuwrlcc.dllbox

.
((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-01-25 15:50 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 15:49 . 2011-01-25 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 15:49 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 14:00 . 2011-01-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-19 18:42 . 2011-01-19 18:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-19 18:42 . 2011-01-19 18:41 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-19 18:42 . 2011-01-19 18:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 18:16 . 2010-09-30 22:15 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-01-19 18:16 . 2010-09-30 22:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-19 18:15 . 2011-01-19 18:15 -------- d-----w- c:\documents and settings\Michele\Application Data\TuneUp Software
2011-01-19 18:15 . 2011-01-19 18:16 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-01-19 18:14 . 2011-01-19 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-01-19 18:14 . 2011-01-19 18:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-01-19 13:52 . 2010-11-09 18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-19 13:52 . 2010-11-09 18:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-19 13:51 . 2011-01-19 16:07 -------- d-----w- C:\VIPRERESCUE
2011-01-19 13:23 . 2011-01-19 13:23 -------- d-----w- c:\documents and settings\Michele\Application Data\Malwarebytes
2011-01-19 13:22 . 2011-01-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 13:19 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-19 13:19 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 15:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-19 16:06 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-07-19 16:10 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-19 16:09 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 19:49 1121280 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-17 06:09 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-09-10 05:19 393216 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 23:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-24 12:36 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LifeCamSetup"="D:\setupstb.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/21/2010 3:34 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/21/2010 3:34 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/20/2011 8:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/21/2010 3:34 PM 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/19/2011 8:52 AM 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/21/2010 3:34 PM 116784]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/25/2010 9:25 PM 91456]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/21/2010 3:34 PM 126392]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [9/30/2010 5:12 PM 1051968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/6/2008 4:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/13/2010 3:21 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110118.001\IDSXpx86.sys [1/20/2011 8:46 AM 341944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 11:18 AM 10064]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [8/25/2010 9:24 PM 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/25/2010 9:24 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/25/2010 9:24 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/25/2010 9:24 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [8/25/2010 9:24 PM 9472]

--- Other Services/Drivers In Memory ---

*Deregistered* - uwldypow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2011-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{51462185-A12E-4EFA-98F0-E44EC62F0AF1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
FF - ProfilePath - c:\documents and settings\Michele\Application Data\Mozilla\Firefox\Profiles\561hx8l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-vtutqpo - vtutqpo.dll
MSConfigStartUp-b405b24e - c:\windows\system32\xoyvhntt.dll
MSConfigStartUp-BMb73681d2 - c:\windows\system32\wnoxhfib.dll
MSConfigStartUp-Dot1XCfg - c:\program files\Dot1XCfg\Dot1XCfg.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MPSExe - c:\progra~1\mcafee.com\mps\mscifapp.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 09:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(444)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-02-01 09:29:49
ComboFix-quarantined-files.txt 2011-02-01 14:29

Pre-Run: 7,143,927,808 bytes free
Post-Run: 7,683,063,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C0DCAE61EF3D4C9330D2DB9C97736C4D

#9 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 01 February 2011 - 10:23 AM

Any changes after that ComboFix run? Please run another DDS scan and post the new report. Thanks.

~Semp



#10 kspoor
  • Topic Starter
  • Members
  • 25 posts

Posted 01 February 2011 - 10:44 AM

Computer still taking over 7 minutes to do a reboot and get back to the user select screen.

Also getting a notification that I need to run Chkdsk as there are corrupt files or directories (this showed up during the GMER and ComboFix scans)

- - - new DDS LOG - - -


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michele at 10:36:49.12 on Tue 02/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.130 [GMT -5:00]

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Dell Support Center\HWDiag\bin\pcd.exe
C:\Documents and Settings\Michele\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295466263625
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michele\applic~1\mozilla\firefox\profiles\561hx8l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-20 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-1-19 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-25 91456]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-6 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110118.001\IDSXpx86.sys [2011-1-20 341944]
R3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-25 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-25 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-25 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-25 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-25 9472]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVENG.SYS [2011-1-20 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110119.037\NAVEX15.SYS [2011-1-20 1360760]

=============== Created Last 30 ================

2011-02-01 13:54:32 -------- d-sha-r- C:\cmdcons
2011-01-25 15:50:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 15:49:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 15:49:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:08:41 98816 ----a-w- c:\windows\sed.exe
2011-01-20 19:08:41 89088 ----a-w- c:\windows\MBR.exe
2011-01-20 19:08:41 256512 ----a-w- c:\windows\PEV.exe
2011-01-20 19:08:41 161792 ----a-w- c:\windows\SWREG.exe
2011-01-20 14:00:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-19 18:42:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-19 18:42:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 18:42:02 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-19 18:16:25 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-01-19 18:16:24 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-19 18:15:32 -------- d-----w- c:\docume~1\michele\applic~1\TuneUp Software
2011-01-19 18:15:03 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-01-19 18:14:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2011-01-19 18:14:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-01-19 13:52:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-19 13:52:39 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-19 13:51:34 -------- d-----w- C:\VIPRERESCUE
2011-01-19 13:23:18 -------- d-----w- c:\docume~1\michele\applic~1\Malwarebytes
2011-01-19 13:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-19 13:19:35 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

==================== Find3M ====================

2010-12-02 01:53:50 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-02 01:53:47 104 --sh--r- c:\windows\system32\64ADFFF807.sys

============= FINISH: 10:38:58.65 ===============




#11 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:32 AM

Posted 01 February 2011 - 11:01 AM

Thanks, next steps will take time to complete so please be patient.


1. Please go to this link -> http://www.bleepingcomputer.com/tutorials/the-importance-of-disk-defragmentation/ and follow the steps to perform a Disk Defragmentation.


2. Please check volume for errors.
  • To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
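The same two maintenance steps, run from a cmd.exe prompt instead of the GUI dialogs. This is an added example and not part of sempai's instructions; it assumes a Windows XP-era system where defrag.exe and chkdsk.exe are on the path, a prompt opened by an Administrator account, and that the volume to check is C: (the drive named in the steps above).

```batch
@echo off
REM Added example (not from the thread): command-line equivalent of the
REM defragment-then-check-disk steps above, run as Administrator on drive C:.

REM Step 1: defragment C:. On XP, defrag.exe takes dash switches; -v prints
REM the full before/after fragmentation report.
defrag C: -v

REM Step 2: check the volume for errors.
REM   /F = fix file-system errors      (first check box in the GUI dialog)
REM   /R = locate bad sectors too       (second check box; takes much longer)
REM The system volume is in use while Windows runs, so chkdsk asks whether to
REM schedule the check for the next restart; piping Y answers that prompt.
echo Y | chkdsk C: /F /R

echo Disk check on C: is scheduled; restart the computer to let it run.
REM Remove the REM below to restart immediately instead of by hand:
REM shutdown -r -t 0
```

Running chkdsk with /R on a large or slow disk can take hours, which is the same caveat sempai gives for the GUI run; the scheduled check happens before the logon screen appears, so leave the machine alone until it finishes.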


#12 kspoor

kspoor
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 01 February 2011 - 02:49 PM

OK - now the computer is working WAY faster - ran defrag and scan disk - rebooted, which happened very quickly... and I can connect to Windows Update, which has found 23 High Priority updates.

Thank you very much... you saved this computer from being blown out with a reinstall of WinXP.

What are your thoughts on VIPRE as a solution to protect the computer?

Trying to use the Norton removal tool to get rid of Norton 360 - seems to have stalled... might be in touch to fix that at a later time.



thanks again - Kspoor

#13 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:32 AM

Posted 01 February 2011 - 10:37 PM

Hi kspoor,

Glad to know that your problem was fixed, but let's make sure that there's no malware remnants.

Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
  • Click on I Agree.
  • If an ActiveX warning box appears, click on Install.
    Note: If you get the message "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the ActiveX control from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
    "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
    Click on that and select Install ActiveX Control.
  • Now click on Start Scan. Please wait, as it might take some time.
  • If it found anything when it finished, click Click here to export the scan report.
  • Give the report a name and save it. The file will be a .HTML file.
  • Please attach the file to your reply.
  • To attach the file, press ADD REPLY; under the reply window press Browse... and show the path to the file on your computer.
  • Highlight the file and click Open, then press the green UPLOAD button.

~Semp



#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:32 AM

Posted 02 February 2011 - 01:58 AM

What are your thoughts on VIPRE as a solution to protect the computer?

I haven't tried using VIPRE so I can't give you a definite answer about this, I'm sorry.

~Semp



#15 kspoor

kspoor
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 02 February 2011 - 06:48 PM

I will run that online scanner first thing tomorrow - got blasted with snow/ice and had a no-work day today (so I could not get near the computer). 2 quick questions in the meantime:

How do I disable the Recovery Console that was installed with ComboFix? It shows up during boot and I am giving this computer back to the owner - I don't want her thinking something is not right. Or do I just tell her to leave it alone till it boots up to the user select?

Any ideas what I can do to remove Norton 360 ver 4? I tried using the Norton Removal Tool from their website (got the correct version for the product) - but the program stalls during the removal process, taking 93+% of processor use with it. Or do I just have to use this removal tool to get the job done correctly? This program might have been compromised by what was on the computer prior to your help cleaning it up - actually I know it was compromised because Norton kept saying everything was A-OK! (LIARS!!!!) hehehehe

Again - thank you, I will post the log first thing tomorrow AM...



