Firefox Google Redirect fsharproj


  • This topic is locked
19 replies to this topic

#1 mybleepingmachine

  • Members
  • 10 posts

Posted 26 August 2011 - 09:05 PM

Using Firefox & Google, every couple of searches is redirected. Malware reported HKEY_CLASSES_ROOT\fsharproj, but it came back after the reboot.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Compaq_Administrator at 18:41:29 on 2011-08-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.246 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SetDefPrt2] c:\program files\brother\brmfl06b\BrStDvPt.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FC2489D-15AD-4B21-BF99-54262B40C5BE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2e95sadk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110801&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-23 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-23 116784]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110822.031\IDSXpx86.sys [2011-8-23 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110825.018\NAVENG.SYS [2011-8-25 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110825.018\NAVEX15.SYS [2011-8-25 1576312]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-2 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-23 41272]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
=============== Created Last 30 ================
.
2011-08-25 03:29:49 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 04:41:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 04:40:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 02:52:46 -------- d-----w- c:\program files\ESET
2011-08-24 01:57:03 0 ---ha-w- c:\documents and settings\compaq_administrator\lqtxxvykhm.tmp
2011-08-22 00:44:45 94768 ----a-w- c:\windows\system32\drivers\26018403.sys
2011-08-21 22:52:29 -------- d-sh--r- C:\cmdcons
2011-08-20 05:30:36 98816 ----a-w- c:\windows\sed.exe
2011-08-20 05:30:36 518144 ----a-w- c:\windows\SWREG.exe
2011-08-20 05:30:36 256000 ----a-w- c:\windows\PEV.exe
2011-08-20 05:30:36 208896 ----a-w- c:\windows\MBR.exe
2011-08-17 23:47:11 -------- d-----w- c:\program files\Bonjour
2011-08-11 03:44:55 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:44:53 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 00:23:38 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-08-07 00:23:35 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Catalina Marketing Corp
2011-08-01 18:25:16 98304 ----a-w- c:\windows\system32\redmonnt.dll
2011-08-01 18:24:43 -------- d-----w- c:\program files\FoxTabPDFConverter
.
==================== Find3M ====================
.
2011-08-19 22:26:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 04:11:24 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-19 04:11:24 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-19 04:11:24 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys
2007-02-12 04:37:37 4733440 ----a-w- c:\program files\ip1600x64190dej.exe
.
============= FINISH: 18:43:29.82 ===============


#2 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 31 August 2011 - 02:07 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts, and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please do the following:


Step #1: Download and run DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step #2: Download and run GMER

Please download gmer.zip from GMER and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

Malware Removal University Master

Member of ASAP


#3 mybleepingmachine

  • Topic Starter
  • Members
  • 10 posts

Posted 01 September 2011 - 09:23 AM

GMER ran overnight. This morning there were window pop-ups about being unable to save data. I clicked through those, then pressed Save in GMER, and again the "unable to save data" messages continued to pop up. I've included the DDS logs below and will attempt GMER again after work.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Compaq_Administrator at 18:37:39 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.309 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SetDefPrt2] c:\program files\brother\brmfl06b\BrStDvPt.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FC2489D-15AD-4B21-BF99-54262B40C5BE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2e95sadk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110801&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-23 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-23 116784]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110826.030\IDSXpx86.sys [2011-8-26 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110828.002\NAVENG.SYS [2011-8-28 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110828.002\NAVEX15.SYS [2011-8-28 1576312]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-2 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-23 41272]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
=============== Created Last 30 ================
.
2011-08-25 03:29:49 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 04:41:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 04:40:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 02:52:46 -------- d-----w- c:\program files\ESET
2011-08-24 01:57:03 0 ---ha-w- c:\documents and settings\compaq_administrator\lqtxxvykhm.tmp
2011-08-22 00:44:45 94768 ----a-w- c:\windows\system32\drivers\26018403.sys
2011-08-21 22:52:29 -------- d-sh--r- C:\cmdcons
2011-08-20 05:30:36 98816 ----a-w- c:\windows\sed.exe
2011-08-20 05:30:36 518144 ----a-w- c:\windows\SWREG.exe
2011-08-20 05:30:36 256000 ----a-w- c:\windows\PEV.exe
2011-08-20 05:30:36 208896 ----a-w- c:\windows\MBR.exe
2011-08-17 23:47:11 -------- d-----w- c:\program files\Bonjour
2011-08-11 03:44:55 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:44:53 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 00:23:38 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-08-07 00:23:35 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Catalina Marketing Corp
.
==================== Find3M ====================
.
2011-08-19 22:26:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 04:11:24 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-19 04:11:24 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-19 04:11:24 12067 ----atw- c:\windows\system32\SIntf16.dll
2007-02-12 04:37:37 4733440 ----a-w- c:\program files\ip1600x64190dej.exe
.
============= FINISH: 18:39:11.29 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2006 9:57:10 PM
System Uptime: 8/31/2011 6:30:13 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 97.263 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.422 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Service: RTL8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9DD6C211D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9DD6C211D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP385: 6/2/2011 7:35:03 AM - System Checkpoint
RP386: 6/3/2011 9:56:13 AM - System Checkpoint
RP387: 6/4/2011 2:21:36 PM - System Checkpoint
RP388: 6/5/2011 3:00:05 PM - System Checkpoint
RP389: 6/6/2011 3:06:23 PM - System Checkpoint
RP390: 6/7/2011 3:19:32 PM - System Checkpoint
RP391: 6/8/2011 7:21:32 PM - System Checkpoint
RP392: 6/10/2011 11:36:50 AM - System Checkpoint
RP393: 6/11/2011 5:57:37 PM - System Checkpoint
RP394: 6/12/2011 12:50:33 PM - Installed TurboCAD Deluxe 15
RP395: 6/14/2011 12:22:23 PM - System Checkpoint
RP396: 6/15/2011 12:28:18 PM - System Checkpoint
RP397: 6/16/2011 12:23:43 AM - Software Distribution Service 3.0
RP398: 6/17/2011 1:10:18 AM - System Checkpoint
RP399: 6/18/2011 1:20:05 PM - System Checkpoint
RP400: 6/19/2011 1:53:41 PM - System Checkpoint
RP401: 6/21/2011 7:48:26 AM - System Checkpoint
RP402: 6/22/2011 4:58:16 PM - System Checkpoint
RP403: 6/24/2011 5:16:13 PM - System Checkpoint
RP404: 6/25/2011 9:04:58 PM - System Checkpoint
RP405: 6/27/2011 2:09:15 PM - System Checkpoint
RP406: 6/28/2011 2:23:28 PM - System Checkpoint
RP407: 6/28/2011 10:26:31 PM - Software Distribution Service 3.0
RP408: 6/30/2011 3:52:35 PM - System Checkpoint
RP409: 7/2/2011 9:09:08 AM - System Checkpoint
RP410: 7/3/2011 12:12:33 PM - System Checkpoint
RP411: 7/4/2011 12:29:20 PM - System Checkpoint
RP412: 7/5/2011 10:56:11 PM - System Checkpoint
RP413: 7/7/2011 1:21:24 PM - System Checkpoint
RP414: 7/9/2011 5:18:48 PM - System Checkpoint
RP415: 7/10/2011 5:49:00 PM - System Checkpoint
RP416: 7/11/2011 7:21:44 PM - System Checkpoint
RP417: 7/13/2011 1:05:04 AM - Software Distribution Service 3.0
RP418: 7/15/2011 12:05:15 PM - System Checkpoint
RP419: 7/16/2011 12:05:22 PM - System Checkpoint
RP420: 7/17/2011 3:11:36 PM - System Checkpoint
RP421: 7/19/2011 10:22:57 AM - System Checkpoint
RP422: 7/20/2011 1:38:12 PM - System Checkpoint
RP423: 7/28/2011 5:08:54 PM - System Checkpoint
RP424: 7/29/2011 5:49:11 PM - System Checkpoint
RP425: 7/30/2011 7:15:29 PM - System Checkpoint
RP426: 8/1/2011 11:25:24 AM - Printer Driver FoxTab PDF Virtual Printer Installed
RP427: 8/2/2011 12:21:02 PM - System Checkpoint
RP428: 8/4/2011 10:48:11 AM - System Checkpoint
RP429: 8/9/2011 3:28:32 PM - System Checkpoint
RP430: 8/10/2011 3:35:32 PM - System Checkpoint
RP431: 8/10/2011 10:25:04 PM - Software Distribution Service 3.0
RP432: 8/13/2011 7:11:48 PM - System Checkpoint
RP433: 8/14/2011 12:58:36 PM - Installed Java™ 6 Update 23
RP434: 8/15/2011 6:16:32 PM - Removed Adobe Reader 8.1.2
RP435: 8/15/2011 6:20:54 PM - Installed Adobe Reader X (10.1.0).
RP436: 8/19/2011 10:31:12 PM - ComboFix created restore point
RP437: 8/20/2011 10:36:16 PM - System Checkpoint
RP438: 8/22/2011 8:30:27 AM - System Checkpoint
RP439: 8/23/2011 9:19:28 AM - System Checkpoint
RP440: 8/24/2011 9:23:51 AM - System Checkpoint
RP441: 8/25/2011 5:53:48 PM - Software Distribution Service 3.0
RP442: 8/26/2011 7:34:48 PM - System Checkpoint
RP443: 8/28/2011 2:01:16 AM - System Checkpoint
RP444: 8/29/2011 3:00:10 AM - System Checkpoint
RP445: 8/29/2011 7:43:39 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
5 Card Slingo from Compaq (remove only)
8500A909_eDocs
8500A909_Help
8500A909a
ACLS-PALS (Palm) v 9.0.7 by Skyscape
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AGEIA PhysX v7.11.13
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archimedes (Palm) v 10.0.6 by Skyscape
Archimedes (Palm) v 10.0.8 by Skyscape
AstroPop Deluxe from Compaq (remove only)
ATI Control Panel
ATI Display Driver
Audible Download Manager
Aventail Access Manager
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Belkin Wireless Utility
Berlitz Before You Know It Flash Cards
Berlitz Learning System - Spanish
Bible To Go
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bonjour
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother HL-4040CN
Brother MFL-Pro Suite
BufferChm
Canon iP1600
CCleaner
Chuzzle Deluxe from Compaq (remove only)
Click'N Design 3D
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Cricut DesignStudio
Crystal Maze from Compaq (remove only)
CueTour
Customer Experience Enhancement
Defraggler
Destination Component
DeviceDiscovery
DocProc
Dragon NaturallySpeaking 9
Easy Chef's Slow Cookin'
EasyChild
Enhanced Multimedia Keyboard Solution
eReader
ESET Online Scanner v3
FATE from Compaq (remove only)
Fax
FoxTab PDF Converter
FryesRN5 (Palm) v 7.0.4 by Skyscape
FullDPAppQFolder
Garmin Trip and Waypoint Manager v3
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB888111
Hockenberry Wong's Essentials of Pediatric Nursing, 7e
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HOTLLAMA Media Player
HOTLLAMA Media Player - Update
HP Boot Optimizer
HP Customer Participation Program 12.0
HP DigitalMedia Archive
HP Document Manager 2.0
HP DVD Play 1.0
HP Game Console and games
HP Games 3.43.97
HP Imaging Device Functions 12.0
HP Photosmart Premier Software 6.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Support Overview
HP Update
HP Web Helper
HPDiagnosticAlert
HPProductAssistant
HpSdpAppCoreApp
ICD-9-CM (Palm) v 10.0.1 by Skyscape
ICD-9-CM (Palm) v 9.0.15 by Skyscape
Insaniquarium Deluxe from Compaq (remove only)
InstantShareAlert
InstantShareDevices
iPod for Windows 2006-06-28
iTunes
Java Auto Updater
Java™ 6 Update 23
JumpStart Spanish
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LightScribe 1.4.84.1
LightScribe Applications
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Mavis Beacon Teaches Typing 12 Standard
MedStream 360° (Palm) v 10.0.6 by Skyscape
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 6.0 (x86 en-US)
MPM
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCLEX-RN 3500 - Individual Version
Netscape Browser (remove only)
Network
Norton Internet Security
Norton Security Scan
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OptionalContentQFolder
Otto
palmOne
PhotoGallery
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
ProductContext
PS2
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
QuickTime for Windows (32-bit)
Rainbow Fish
Rainbow fish and the Whale
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Ricochet Lost Worlds from Compaq (remove only)
Safari
Scan
SCRABBLE from Compaq (remove only)
SCRABBLE Journey
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shooting Stars Pool from Compaq (remove only)
Shop for HP Supplies
Shrek 2 Ogre Bowler from Compaq (remove only)
SigmaTel MSCN Audio Player
SkinsHP1
Skype Toolbars
Skype™ 4.2
Slingo Deluxe from Compaq (remove only)
SmartDraw 2007
SmartWebPrinting
Snowboard SuperJam from Compaq (remove only)
SolidWorks eDrawings 2011
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny from Compaq (remove only)
Symantec Technical Support Web Controls
Toolbox
Total Video Converter 3.11 070908
Tradewinds from Compaq (remove only)
TrayApp
TroopMaster 2009
TurboCAD Deluxe 15
TurboTax 2010
TurboTax 2010 waziper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Typing Instructor for Kids II
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World of Warcraft
xImage
Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/29/2011 7:30:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
8/29/2011 7:30:57 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/29/2011 7:30:57 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
8/29/2011 7:28:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
8/29/2011 7:24:02 AM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
8/29/2011 7:21:58 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
8/29/2011 7:21:58 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\CRYPTUI.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/29/2011 7:21:44 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:28 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
8/29/2011 7:21:28 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:28 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.policy" on line 0.
8/29/2011 7:19:14 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
8/29/2011 5:17:57 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll. Reference error message: The operation completed successfully. .
8/29/2011 12:19:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'rnsystem.dat' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/28/2011 8:52:26 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 804ef16e, parameter3 eecbac70, parameter4 eecba96c.
8/28/2011 6:36:00 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/28/2011 3:34:22 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
8/26/2011 6:48:53 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/25/2011 5:51:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde
8/24/2011 9:19:00 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Disk drive.
8/24/2011 9:13:08 PM, error: Service Control Manager [7034] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#4 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 01 September 2011 - 01:27 PM

If you're unable to get a log from GMER let me know and we'll try another rootkit scanner in its place.

MalWare Removal University Master

Member of ASAP


#5 mybleepingmachine

mybleepingmachine
  • Topic Starter

  • Members
  • 10 posts

Posted 02 September 2011 - 09:32 AM

After work it ran, and then the machine rebooted while it was running. Ran it again overnight and still had the "could not write to disk" messages. I was able to save the log, however, and have included it below.

Please let me know if I should run something else in addition to this.

Thank you!!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-02 06:59:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200826AS rev.3.03
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kxlyakow.sys


---- System - GMER 1.0.15 ----

SSDT 85D071E0 ZwAlertResumeThread
SSDT 85CE30C0 ZwAlertThread
SSDT 85D181D0 ZwAllocateVirtualMemory
SSDT 85D0F200 ZwAssignProcessToJobObject
SSDT 861062D8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF1DAD210]
SSDT 85C62150 ZwCreateMutant
SSDT 85D15008 ZwCreateSymbolicLinkObject
SSDT 85C989A8 ZwCreateThread
SSDT 860BC0C0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF1DAD490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF1DAD9F0]
SSDT 86020B70 ZwDuplicateObject
SSDT 85D13008 ZwFreeVirtualMemory
SSDT 85C62008 ZwImpersonateAnonymousToken
SSDT 85D07120 ZwImpersonateThread
SSDT 860FDDB8 ZwLoadDriver
SSDT 85D13118 ZwMapViewOfSection
SSDT 85C62070 ZwOpenEvent
SSDT 85D05190 ZwOpenProcess
SSDT 86020A90 ZwOpenProcessToken
SSDT 860290C8 ZwOpenSection
SSDT 85D050A0 ZwOpenThread
SSDT 85D0F110 ZwProtectVirtualMemory
SSDT 85CE31A0 ZwResumeThread
SSDT 85D0D048 ZwSetContextThread
SSDT 85D0D128 ZwSetInformationProcess
SSDT 860BC1A0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF1DADC40]
SSDT 860291A8 ZwSuspendProcess
SSDT 85D0B0A0 ZwSuspendThread
SSDT 861631A0 ZwTerminateProcess
SSDT 85D0B180 ZwTerminateThread
SSDT 85D0D008 ZwUnmapViewOfSection
SSDT 85D18100 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2828] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\program files\real\realplayer\update\realsched.exe[4024] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] kernel32.dll!FindResourceW 7C80BC6E 5 Bytes JMP 00421DB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] kernel32.dll!FindResourceA 7C80BF29 5 Bytes JMP 00421D70 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 004222B0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00421E60 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadBitmapW 7E420242 5 Bytes JMP 00422210 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadBitmapA 7E42473C 5 Bytes JMP 00422170 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 00422360 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 00422080 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadIconA 7E42E8F6 5 Bytes JMP 00421F90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadMenuW 7E42EB48 5 Bytes JMP 00421F30 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00421DF0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4068] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 00421ED0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0039B390
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0039B1A3
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00396BCE
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003977A7
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00399551
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00397F73
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0039798C
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00398DCC
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0039AA37
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0039AA67
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0039B5AA
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0039A791
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 003994E1
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00398633
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00397D87
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 003982CF
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0039B8D6
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00398FCB
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 003993DD
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00399B20
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00399810
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00399ACE
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0039A10D
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00399C18
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00397B9B
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00398588
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0039AB12
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 003998D2
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00399494
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00399208
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 003995E1
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0039B5B6
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 003997A7
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0039B73B
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0039B709
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0039B85E
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0039B8BA
IAT C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe[2560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0039B7A7

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B09DDDD2F08A314A8E8835C70A6D7AB\Usage@NatSpeak 1059171318

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB929338$\ntkrnlmp.exe 2135552 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2015232 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe.000 2056832 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\ntkrpamp.exe 2015232 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2135552 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe.000 2179328 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe 213216 bytes executable
File C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.inf 13064 bytes
File C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.txt 1140 bytes
File C:\WINDOWS\$NtUninstallKB929338$\spuninst\updspapi.dll 371424 bytes executable
File C:\WINDOWS\$NtUninstallKB948881$\reg00001 0 bytes
File C:\WINDOWS\$NtUninstallKB948881$\spuninst 0 bytes

---- EOF - GMER 1.0.15 ----

#6 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 02 September 2011 - 01:14 PM

If you have ComboFix.exe on your computer, please delete it. You'll be downloading and running the latest version of ComboFix. :)



Step # 1: Download and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

MalWare Removal University Master

Member of ASAP


#7 mybleepingmachine

mybleepingmachine
  • Topic Starter

  • Members
  • 10 posts

Posted 02 September 2011 - 06:10 PM

Combofix log:

ComboFix 11-09-02.04 - Compaq_Administrator 09/02/2011 15:34:08.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.360 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}\chrome\xulcache.jar
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}\defaults\preferences\xulcache.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}\install.rdf
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\chrome.manifest
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\chrome\xulcache.jar
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\defaults\preferences\xulcache.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\install.rdf
c:\documents and settings\Compaq_Administrator\lqtxxvykhm.tmp
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\kb913800.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))
.
.
2011-09-02 10:37 . 2011-09-02 10:37 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Tific
2011-09-02 10:36 . 2011-09-02 10:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Symantec
2011-08-25 03:29 . 2011-08-25 04:19 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 04:41 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 04:40 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 02:52 . 2011-08-24 02:52 -------- d-----w- c:\program files\ESET
2011-08-22 00:44 . 2011-08-22 00:44 94768 ----a-w- c:\windows\system32\drivers\26018403.sys
2011-08-17 23:47 . 2011-08-17 23:47 -------- d-----w- c:\program files\Bonjour
2011-08-16 01:11 . 2011-08-16 01:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-14 20:01 . 2011-08-14 20:01 -------- d-----w- c:\program files\Common Files\Java
2011-08-11 03:44 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:44 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 00:23 . 2011-08-07 00:23 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-08-07 00:23 . 2011-08-07 00:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Catalina Marketing Corp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 22:26 . 2011-05-17 01:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 04:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2004-08-10 04:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 04:00 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-10 04:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-10 04:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 04:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 04:11 . 2011-06-11 06:24 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-19 04:11 . 2011-06-11 06:24 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-19 04:11 . 2011-06-11 06:24 12067 ----atw- c:\windows\system32\SIntf16.dll
2007-02-12 04:37 . 2007-02-12 04:37 4733440 ----a-w- c:\program files\ip1600x64190dej.exe
2011-08-12 05:57 . 2011-05-08 20:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_05.58.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-02 22:09 . 2011-09-02 22:09 16384 c:\windows\Temp\Perflib_Perfdata_364.dat
+ 2011-09-02 22:07 . 2011-09-02 22:07 16384 c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2007-01-29 08:58 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt2"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-27 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-24 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
.
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2009-4-2 73728]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-12-11 2332264]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2007-6-20 2367488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-4-11 845408]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
MiniMavis.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [2006-12-20 2392064]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-10 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [9/23/2010 6:35 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [9/23/2010 6:35 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 5:45 PM 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [9/23/2010 6:35 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [9/23/2010 6:35 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [9/23/2010 6:34 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 10:12 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110826.030\IDSXpx86.sys [8/26/2011 8:00 PM 356280]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 6:36 PM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/2/2008 3:21 PM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 6:36 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 9:41 PM 41272]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 01:35]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 01:35]
.
2011-08-29 c:\windows\Tasks\Norton Security Scan for Compaq_Administrator.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2011-04-12 06:17]
.
2011-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1979422964-3157754486-3333795864-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1979422964-3157754486-3333795864-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-09-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-03 15:53]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110801&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 15:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1979422964-3157754486-3333795864-1008\Software\SecuROM\License information*]
"datasecu"=hex:15,60,0d,3d,56,80,92,41,61,e9,c0,ea,09,4f,05,7c,2d,0a,65,48,c6,
1d,9c,f7,0c,32,e5,53,eb,4a,93,bd,93,8e,0a,60,3a,46,67,bf,78,23,e5,5d,c1,8e,\
"rkeysecu"=hex:8c,f2,6b,31,b8,4c,0a,93,1d,be,11,a7,a6,19,5d,ea
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-02 15:51:45
ComboFix-quarantined-files.txt 2011-09-02 22:51
ComboFix2.txt 2011-08-23 01:32
ComboFix3.txt 2011-08-22 04:22
ComboFix4.txt 2011-08-22 03:55
ComboFix5.txt 2011-09-02 22:31
.
Pre-Run: 105,598,676,992 bytes free
Post-Run: 105,585,496,064 bytes free
.
- - End Of File - - 44EE529FFB7002D9B539E947F8CD8808

#8 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:03:38 AM

Posted 03 September 2011 - 12:52 AM

Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u27.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Remove the following old versions of Java:
    • Java™ 6 Update 23
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.

Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!

  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
  • Then select the items you wish to clean up.
  • In the Windows Tab:
    • Clean all entries in the Internet Explorer section except Cookies
    • Clean all the entries in the Windows Explorer section
    • Clean all entries in the System section
    • Clean all entries in the Advanced section
    • Clean any others that you choose
  • In the Applications Tab:
    • Clean all except cookies in the Firefox/Mozilla section if you use it
    • Clean all in the Opera section if you use it
    • Clean Sun Java in the Internet Section
    • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop-up box will appear advising that this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click Exit when done.
  • If it asks you to reboot at the end, click NO

Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, then click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.

In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log

MalWare Removal University Master

Member of ASAP


#9 mybleepingmachine

mybleepingmachine
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:38 AM

Posted 03 September 2011 - 06:59 PM

Updated Java
Ran CClean
Ran Malware

Malware reports nothing detected. I have not yet rebooted since performing the prior steps (did reboot following the Java update).

Logs below:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7645

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/3/2011 4:44:37 PM
mbam-log-2011-09-03 (16-44-37).txt

Scan type: Quick scan
Objects scanned: 187761
Time elapsed: 23 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_27
Run by Compaq_Administrator at 16:50:41 on 2011-09-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.353 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [SetDefPrt2] c:\program files\brother\brmfl06b\BrStDvPt.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: trymedia.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FC2489D-15AD-4B21-BF99-54262B40C5BE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2e95sadk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110801&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-23 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-23 116784]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110902.030\IDSXpx86.sys [2011-9-3 356280]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-2 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110903.002\NAVENG.SYS [2011-9-3 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110903.002\NAVEX15.SYS [2011-9-3 1576312]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
=============== Created Last 30 ================
.
2011-09-03 19:24:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-02 10:37:05 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Tific
2011-09-02 10:36:40 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Symantec
2011-08-25 03:29:49 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 04:41:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 04:40:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 02:52:46 -------- d-----w- c:\program files\ESET
2011-08-22 00:44:45 94768 ----a-w- c:\windows\system32\drivers\26018403.sys
2011-08-21 22:52:29 -------- d-sha-r- C:\cmdcons
2011-08-20 05:30:36 98816 ----a-w- c:\windows\sed.exe
2011-08-20 05:30:36 518144 ----a-w- c:\windows\SWREG.exe
2011-08-20 05:30:36 256000 ----a-w- c:\windows\PEV.exe
2011-08-20 05:30:36 208896 ----a-w- c:\windows\MBR.exe
2011-08-17 23:47:11 -------- d-----w- c:\program files\Bonjour
2011-08-11 03:44:55 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:44:53 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 00:23:38 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-08-07 00:23:35 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Catalina Marketing Corp
.
==================== Find3M ====================
.
2011-09-03 19:23:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-19 22:26:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-19 04:11:24 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-06-19 04:11:24 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-06-19 04:11:24 12067 ----atw- c:\windows\system32\SIntf16.dll
2007-02-12 04:37:37 4733440 ----a-w- c:\program files\ip1600x64190dej.exe
.
============= FINISH: 16:51:48.59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2006 9:57:10 PM
System Uptime: 9/3/2011 12:10:40 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 98.285 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.422 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Service: RTL8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9DD6C211D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9DD6C211D800
Service: NIC1394
.
==== System Restore Points ===================
.
RP402: 6/22/2011 4:58:16 PM - System Checkpoint
RP403: 6/24/2011 5:16:13 PM - System Checkpoint
RP404: 6/25/2011 9:04:58 PM - System Checkpoint
RP405: 6/27/2011 2:09:15 PM - System Checkpoint
RP406: 6/28/2011 2:23:28 PM - System Checkpoint
RP407: 6/28/2011 10:26:31 PM - Software Distribution Service 3.0
RP408: 6/30/2011 3:52:35 PM - System Checkpoint
RP409: 7/2/2011 9:09:08 AM - System Checkpoint
RP410: 7/3/2011 12:12:33 PM - System Checkpoint
RP411: 7/4/2011 12:29:20 PM - System Checkpoint
RP412: 7/5/2011 10:56:11 PM - System Checkpoint
RP413: 7/7/2011 1:21:24 PM - System Checkpoint
RP414: 7/9/2011 5:18:48 PM - System Checkpoint
RP415: 7/10/2011 5:49:00 PM - System Checkpoint
RP416: 7/11/2011 7:21:44 PM - System Checkpoint
RP417: 7/13/2011 1:05:04 AM - Software Distribution Service 3.0
RP418: 7/15/2011 12:05:15 PM - System Checkpoint
RP419: 7/16/2011 12:05:22 PM - System Checkpoint
RP420: 7/17/2011 3:11:36 PM - System Checkpoint
RP421: 7/19/2011 10:22:57 AM - System Checkpoint
RP422: 7/20/2011 1:38:12 PM - System Checkpoint
RP423: 7/28/2011 5:08:54 PM - System Checkpoint
RP424: 7/29/2011 5:49:11 PM - System Checkpoint
RP425: 7/30/2011 7:15:29 PM - System Checkpoint
RP426: 8/1/2011 11:25:24 AM - Printer Driver FoxTab PDF Virtual Printer Installed
RP427: 8/2/2011 12:21:02 PM - System Checkpoint
RP428: 8/4/2011 10:48:11 AM - System Checkpoint
RP429: 8/9/2011 3:28:32 PM - System Checkpoint
RP430: 8/10/2011 3:35:32 PM - System Checkpoint
RP431: 8/10/2011 10:25:04 PM - Software Distribution Service 3.0
RP432: 8/13/2011 7:11:48 PM - System Checkpoint
RP433: 8/14/2011 12:58:36 PM - Installed Java™ 6 Update 23
RP434: 8/15/2011 6:16:32 PM - Removed Adobe Reader 8.1.2
RP435: 8/15/2011 6:20:54 PM - Installed Adobe Reader X (10.1.0).
RP436: 8/19/2011 10:31:12 PM - ComboFix created restore point
RP437: 8/20/2011 10:36:16 PM - System Checkpoint
RP438: 8/22/2011 8:30:27 AM - System Checkpoint
RP439: 8/23/2011 9:19:28 AM - System Checkpoint
RP440: 8/24/2011 9:23:51 AM - System Checkpoint
RP441: 8/25/2011 5:53:48 PM - Software Distribution Service 3.0
RP442: 8/26/2011 7:34:48 PM - System Checkpoint
RP443: 8/28/2011 2:01:16 AM - System Checkpoint
RP444: 8/29/2011 3:00:10 AM - System Checkpoint
RP445: 8/29/2011 7:43:39 AM - System Checkpoint
RP446: 8/31/2011 6:59:29 PM - System Checkpoint
RP447: 9/1/2011 9:49:07 PM - System Checkpoint
RP448: 9/3/2011 12:05:47 PM - Removed Java™ 6 Update 15
RP449: 9/3/2011 12:07:40 PM - Removed palmOne
RP450: 9/3/2011 12:23:45 PM - Installed Java™ 6 Update 27
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
5 Card Slingo from Compaq (remove only)
8500A909_eDocs
8500A909_Help
8500A909a
ACLS-PALS (Palm) v 9.0.7 by Skyscape
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AGEIA PhysX v7.11.13
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archimedes (Palm) v 10.0.6 by Skyscape
Archimedes (Palm) v 10.0.8 by Skyscape
AstroPop Deluxe from Compaq (remove only)
ATI Control Panel
ATI Display Driver
Audible Download Manager
Aventail Access Manager
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Belkin Wireless Utility
Berlitz Before You Know It Flash Cards
Berlitz Learning System - Spanish
Bible To Go
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bonjour
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother HL-4040CN
Brother MFL-Pro Suite
BufferChm
Canon iP1600
CCleaner
Chuzzle Deluxe from Compaq (remove only)
Click'N Design 3D
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Cricut DesignStudio
Crystal Maze from Compaq (remove only)
CueTour
Customer Experience Enhancement
Defraggler
Destination Component
DeviceDiscovery
DocProc
Dragon NaturallySpeaking 9
Easy Chef's Slow Cookin'
EasyChild
Enhanced Multimedia Keyboard Solution
eReader
ESET Online Scanner v3
FATE from Compaq (remove only)
Fax
FoxTab PDF Converter
FryesRN5 (Palm) v 7.0.4 by Skyscape
FullDPAppQFolder
Garmin Trip and Waypoint Manager v3
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB888111
Hockenberry Wong's Essentials of Pediatric Nursing, 7e
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HOTLLAMA Media Player
HOTLLAMA Media Player - Update
HP Boot Optimizer
HP Customer Participation Program 12.0
HP DigitalMedia Archive
HP Document Manager 2.0
HP DVD Play 1.0
HP Game Console and games
HP Games 3.43.97
HP Imaging Device Functions 12.0
HP Photosmart Premier Software 6.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Support Overview
HP Update
HP Web Helper
HPDiagnosticAlert
HPProductAssistant
HpSdpAppCoreApp
ICD-9-CM (Palm) v 10.0.1 by Skyscape
ICD-9-CM (Palm) v 9.0.15 by Skyscape
Insaniquarium Deluxe from Compaq (remove only)
InstantShareAlert
InstantShareDevices
iPod for Windows 2006-06-28
iTunes
Java Auto Updater
Java™ 6 Update 27
JumpStart Spanish
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LightScribe 1.4.84.1
LightScribe Applications
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Mavis Beacon Teaches Typing 12 Standard
MedStream 360° (Palm) v 10.0.6 by Skyscape
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 6.0 (x86 en-US)
MPM
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCLEX-RN 3500 - Individual Version
Netscape Browser (remove only)
Network
Norton Internet Security
Norton Security Scan
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OptionalContentQFolder
Otto
PhotoGallery
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
ProductContext
PS2
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
QuickTime for Windows (32-bit)
Rainbow Fish
Rainbow fish and the Whale
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Ricochet Lost Worlds from Compaq (remove only)
Safari
Scan
SCRABBLE from Compaq (remove only)
SCRABBLE Journey
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shooting Stars Pool from Compaq (remove only)
Shop for HP Supplies
Shrek 2 Ogre Bowler from Compaq (remove only)
SigmaTel MSCN Audio Player
SkinsHP1
Skype Toolbars
Skype™ 4.2
Slingo Deluxe from Compaq (remove only)
SmartDraw 2007
SmartWebPrinting
Snowboard SuperJam from Compaq (remove only)
SolidWorks eDrawings 2011
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny from Compaq (remove only)
Symantec Technical Support Web Controls
Toolbox
Total Video Converter 3.11 070908
Tradewinds from Compaq (remove only)
TrayApp
TroopMaster 2009
TurboCAD Deluxe 15
TurboTax 2010
TurboTax 2010 waziper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Typing Instructor for Kids II
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World of Warcraft
xImage
Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/29/2011 7:30:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
8/29/2011 7:30:57 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/29/2011 7:30:57 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
8/29/2011 7:28:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
8/29/2011 7:24:02 AM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
8/29/2011 7:21:58 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
8/29/2011 7:21:58 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\CRYPTUI.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/29/2011 7:21:44 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:28 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
8/29/2011 7:21:28 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll. Reference error message: The operation completed successfully. .
8/29/2011 7:21:28 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.policy" on line 0.
8/29/2011 7:19:14 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
8/29/2011 5:17:57 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll. Reference error message: The operation completed successfully. .
8/29/2011 12:19:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'rnsystem.dat' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/28/2011 8:52:26 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 804ef16e, parameter3 eecbac70, parameter4 eecba96c.
8/28/2011 6:36:00 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/28/2011 3:34:22 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
.
==== End Of File ===========================

#10 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 03 September 2011 - 11:19 PM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on the button shown.
  • When prompted, allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button shown.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on the button shown.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Post the ESET Log in your next post/reply. Also, let me know how your computer is doing, any problems?

MalWare Removal University Master

Member of ASAP


#11 mybleepingmachine

  • Topic Starter
  • Members
  • 10 posts

Posted 04 September 2011 - 01:02 AM

ESET error - "Can not get update. Is proxy configured?"

#12 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 04 September 2011 - 11:59 AM

What browser did you run ESET in? If you ran it in Firefox, try running it in Internet Explorer. If you ran it in IE, try running it in Firefox.



#13 mybleepingmachine

  • Topic Starter
  • Members
  • 10 posts

Posted 04 September 2011 - 04:51 PM

Running in IE worked.

46 infected files found

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1263f672402ef4da516f7063dbe33a5
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-24 04:27:59
# local_time=2011-08-23 09:27:59 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=117188
# found=7
# cleaned=7
# scan_time=5126
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{0972e3a8-6e54-472a-b059-7d1dae21ca4c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{70c66d4b-419e-4bb4-b858-eda487be48cc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{9ccfa2f1-b4b1-4351-9088-4dbd3cd57cb2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{c1a8e33d-c0b5-44ed-b06d-40cf8fe272bc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jcgoojanmikedolkbdpjlkmdffndodlh\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1263f672402ef4da516f7063dbe33a5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-04 05:54:35
# local_time=2011-09-04 10:54:35 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 82535 82535 0 0
# scanned=959
# found=0
# cleaned=0
# scan_time=377
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1263f672402ef4da516f7063dbe33a5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-04 06:34:26
# local_time=2011-09-04 11:34:26 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=freeze
# scanned=9558
# found=0
# cleaned=0
# scan_time=2197
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b1263f672402ef4da516f7063dbe33a5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-04 09:43:50
# local_time=2011-09-04 02:43:50 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 86522 86522 0 0
# scanned=222925
# found=46
# cleaned=0
# scan_time=10143
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{0972e3a8-6e54-472a-b059-7d1dae21ca4c}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{70c66d4b-419e-4bb4-b858-eda487be48cc}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{9ccfa2f1-b4b1-4351-9088-4dbd3cd57cb2}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{c1a8e33d-c0b5-44ed-b06d-40cf8fe272bc}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jcgoojanmikedolkbdpjlkmdffndodlh\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{09a7ab6a-7200-41be-88b6-55b163b26ca1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{09a7ab6a-7200-41be-88b6-55b163b26ca1}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{194c34dc-994b-4d0d-93b4-a209466551e5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{194c34dc-994b-4d0d-93b4-a209466551e5}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{1e4e3707-7b4d-4853-a0ad-a1ddeff24fb6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{1e4e3707-7b4d-4853-a0ad-a1ddeff24fb6}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{2e5b9718-726b-4a21-b262-9e858bd182ff}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{2e5b9718-726b-4a21-b262-9e858bd182ff}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{632cf544-562f-4945-877e-41a67808625e}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{6a4b837b-783c-44aa-a1e5-ffad0b216c8e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{6a4b837b-783c-44aa-a1e5-ffad0b216c8e}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b0b3f57f-60bb-4d5f-a566-b8978cf1cdc1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b0b3f57f-60bb-4d5f-a566-b8978cf1cdc1}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b4e775e5-d208-456a-96b9-612aee871dfb}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{bd105333-868e-4694-9637-a840543f2049}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{bd105333-868e-4694-9637-a840543f2049}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{c1382d3c-ce5a-45fb-b3c5-59bc57f4b6d5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{c1382d3c-ce5a-45fb-b3c5-59bc57f4b6d5}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{cdeb1cf1-d87e-4fbb-940a-99aa9d316241}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{cdeb1cf1-d87e-4fbb-940a-99aa9d316241}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{e378b651-d838-4017-9fa6-b4b331acd4ff}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{e378b651-d838-4017-9fa6-b4b331acd4ff}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{efe6f9c0-6d90-4faa-b8a0-3ac618d5aa4d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{efe6f9c0-6d90-4faa-b8a0-3ac618d5aa4d}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP436\A0240947.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP436\A0240948.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0243393.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0243394.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0243395.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0243396.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0244472.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245800.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245832.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245833.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245834.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245835.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP447\A0252087.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP04261\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP04261\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I

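The log above mixes three very different kinds of hit: files ComboFix already renamed to `*.vir` inside `C:\Qoobox\Quarantine`, copies frozen inside System Restore points under `System Volume Information\_restore{...}`, and two hits on `D:\I386` that sit in neither place. Only the third kind can still be loaded from where it is, so a triage pass that sorts the lines by location is the first thing worth doing with such a log. The following is an added example, not code from the thread or from ESET; it assumes the line shape exactly as pasted (path, threat name, action in parentheses, 32-hex hash, flag, with the scanner's tab separators flattened to spaces) and uses six lines copied from the log above as its sample input.

```python
import re
from collections import Counter

# Shape of one detection line in the ESET Online Scanner log pasted above, once
# the scanner's tab separators have been flattened to spaces by extraction:
#   <path> <threat name> (<action>) <32-hex hash> <flag>
# Both the path and the threat name contain spaces, so the split relies on the
# threat name always carrying a "Family/Name" token (Win32/..., JS/...), which a
# Windows path never does because paths use backslashes.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a\s+variant\s+of\s+)?[A-Za-z0-9]+/\S+\s+\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

# Locations from which a detected file can no longer execute.
QUARANTINE_PREFIX = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Sample input: six detection lines copied from the log above (hashes are the
# all-zero values the scanner printed; they are not real file hashes).
SAMPLE_LOG = [
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b0b3f57f-60bb-4d5f-a566-b8978cf1cdc1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2e95sadk.default\extensions\{b0b3f57f-60bb-4d5f-a566-b8978cf1cdc1}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I",
    r"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP436\A0240947.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I",
    r"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP439\A0245800.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I",
    r"D:\I386\APPS\APP04261\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I",
    r"D:\I386\APPS\APP04261\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I",
]


def parse_eset_line(line):
    """Return path/threat/action/hash/flag for a detection line, or None otherwise."""
    m = ESET_LINE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Bucket a detection by where it sits, which decides whether it can still run."""
    if QUARANTINE_PREFIX.match(path) or path.lower().endswith(".vir"):
        # ComboFix renamed the file to *.vir under Qoobox; nothing loads it from there.
        return "quarantine"
    if RESTORE_POINT.search(path):
        # Frozen copy inside a restore point: inert unless that point is restored,
        # and removed by purging the old restore points.
        return "restore_point"
    # Anywhere else the file is still in place and needs a human decision.
    return "review"


def triage(lines):
    """Count hits per bucket and per threat name; list paths that still need action."""
    counts = {"quarantine": 0, "restore_point": 0, "review": 0}
    threats = Counter()
    review = []
    unparsed = 0
    for line in lines:
        rec = parse_eset_line(line)
        if rec is None:
            unparsed += 1
            continue
        bucket = classify(rec["path"])
        counts[bucket] += 1
        threats[rec["threat"]] += 1
        if bucket == "review":
            review.append(rec["path"])
    return {"counts": counts, "threats": dict(threats), "review": review, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("counts:", result["counts"])
    for name, n in sorted(result["threats"].items()):
        print(f"{n:3d}  {name}")
    for path in result["review"]:
        print("review:", path)
```

Run against the full log rather than the six sample lines, the `review` list is the only part that matters for the next step: everything under Qoobox and under `_restore{...}` is handled by emptying ComboFix's quarantine and purging old restore points, while each remaining path has to be looked at on its own.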
#14 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:03:38 AM

Posted 04 September 2011 - 11:21 PM

ESET found some infected System Restore points. They are harmless where they are and we'll be clearing them out and setting a new, clean one in an upcoming post. :)


How is your computer doing, any problems?

MalWare Removal University Master

Member of ASAP


#15 mybleepingmachine

  • Topic Starter
  • Members
  • 10 posts
  • Local time:02:38 AM

Posted 04 September 2011 - 11:49 PM

I've been keeping it offline, not wanting anything else to get in... I'll go kick the tires.


