
Internet Blocking Virus?


  • This topic is locked
51 replies to this topic

#1 T_Campbell

T_Campbell

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 18 November 2011 - 03:48 PM

It all started with some fake anti-virus virus. I downloaded StopZilla and removed multiple infections. I also ran scans using Spybot, Malwarebytes, TDSSkiller, et al. Now I keep losing my internet connection using both Firefox and IE. I can get online for about 5 minutes after booting up, but then the browser says "Server Not Found" (although a PC on the same router is still online). I am also experiencing lock-ups and have to power down each time.

StopZilla keeps finding 4 "Domains" infections (something about value="DhcpNameServer") on startup, and TDSSkiller found redbook.sys in the wrong location a couple of times, but the last time it was removed it asked to reboot, and I haven't seen it since, nor has it frozen up since (knock on wood).

Additionally, I have been plagued by browser redirects for weeks now, but have tried everything to no avail. Also, Windows Security Center says Auto Updates is turned off, even though it is turned on. Not sure if that is an issue or not. Ya, it's all boogered up.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Greg at 12:55:56 on 2011-11-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.281 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\TrueSwitchAT&TMembers\TrueWizard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.discgolfatlanta.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
uWinlogon: Shell=c:\documents and settings\greg.campbell\local settings\application data\e284bfea\X
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [AirCardEnabler] c:\program files\sierra wireless inc\network adapter manager\Network Adapter Manager.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\greg~1.cam\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchat&tmembers\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.0.101 HP0018FE93702D
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg.campbell\application data\mozilla\firefox\profiles\kpff31u1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft silverlight\2.0.30523.8\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2011-11-16 04:35:20 -------- d-----w- c:\program files\CCleaner
2011-11-14 00:51:47 -------- d-----w- c:\program files\STOPzilla!
2011-11-14 00:51:45 -------- d-----w- c:\program files\common files\iS3
2011-11-14 00:51:45 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-11-12 00:25:12 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-12 00:25:10 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-12 00:25:10 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-11-12 00:25:10 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-11-12 00:25:10 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-12 00:25:10 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-12 00:25:10 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-11-12 00:25:10 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-12 00:25:10 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-12 00:25:08 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-12 00:25:08 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-12 00:25:08 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-07 23:35:27 -------- d-----w- c:\documents and settings\greg.campbell\local settings\application data\e284bfea
.
==================== Find3M ====================
.
2011-11-17 12:17:34 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-26 16:21:00 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 16:21:00 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
.
============= FINISH: 12:56:57.12 ===============



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:06:05 PM

Posted 23 November 2011 - 11:23 AM

Hello T_Campbell,

My name is ratman and I will be helping you with your computer problems.

Please take note:
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


I need to see some information about what is happening in your machine. Please perform the following scan again:
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




In your next reply, please copy/paste the contents of the following:
  • DDS.txt
  • Attach.txt
  • GMER.Log

Edited by ratman, 23 November 2011 - 11:55 AM.

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation, you may donate to the cause.



#3 T_Campbell

T_Campbell
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 23 November 2011 - 12:32 PM

Yes, the problem is still occurring. Computer is not freezing up anymore since the fix of redbook.sys, but still seeing "domains" infection and only have limited internet access.

2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. I am able to create logs.

3. Please tell me if you have your original Windows CD/DVD available. Yes, I do have the original CD.

I am currently running GMER and will repost logs as soon as I can. Thanks for your help!!!

#4 T_Campbell

T_Campbell
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 23 November 2011 - 09:06 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Greg at 20:51:31 on 2011-11-23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.453 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueSwitchAT&TMembers\TrueWizard.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.discgolfatlanta.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
uWinlogon: Shell=c:\documents and settings\greg.campbell\local settings\application data\e284bfea\X
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [AirCardEnabler] c:\program files\sierra wireless inc\network adapter manager\Network Adapter Manager.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\greg~1.cam\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchat&tmembers\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: ebay.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1321973937875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.0.101 HP0018FE93702D
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2011-11-16 04:35:20 -------- d-----w- c:\program files\CCleaner
2011-11-14 00:51:47 -------- d-----w- c:\program files\STOPzilla!
2011-11-14 00:51:45 -------- d-----w- c:\program files\common files\iS3
2011-11-14 00:51:45 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-11-12 00:25:12 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-12 00:25:10 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-12 00:25:10 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-12 00:25:10 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-12 00:25:10 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-12 00:25:10 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-12 00:25:08 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-12 00:25:08 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-12 00:25:08 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-07 23:35:27 -------- d-----w- c:\documents and settings\greg.campbell\local settings\application data\e284bfea
.
==================== Find3M ====================
.
.
============= FINISH: 20:52:02.81 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-23 16:27:14
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001D
Running: gmer.exe; Driver: C:\DOCUME~1\GREG~1.CAM\LOCALS~1\Temp\ufloiaod.sys


---- System - GMER 1.0.15 ----

SSDT szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess [0xF75D24DA]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FCC 80504838 2 Bytes [DA, 24]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2164] USER32.dll!SetWindowLongA 7E41D60D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2164] USER32.dll!SetWindowLongW 7E41D62B 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2164] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2164] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3728] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 00E11000 C:\Program Files\Common Files\ArcSoft\Bin\ACDbgRpt.dll (ArcSoft Connect Crash Report/ArcSoft Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat A7D6BC8A

AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB41617$\2257251495 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\L 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\L\pdmzmplg 57472 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\$000000c0 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\$800000cf 0 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@000000c0 3072 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@80000000 23040 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@800000c0 35840 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@800000cb 24064 bytes
File C:\WINDOWS\$NtUninstallKB41617$\3800350698\U\@800000cf 29184 bytes

---- EOF - GMER 1.0.15 ----


#5 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 24 November 2011 - 11:34 AM

Hello T_Campbell,

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

==================================================================

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

===================================================================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may donate to the cause.
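The same Trusted Zone check ratman describes, done from an exported registry key instead of the IE dialog, as an added example that is not part of the original post or of any BleepingComputer tool: Internet Explorer records per-site zone assignments under the `ZoneMap\Domains` key, so a `reg export` of that key followed by this parser lists everything sitting in the Trusted sites zone (zone 2). The sample export embedded below is constructed and its `.test` domain names are placeholders.

```python
import re
from collections import namedtuple

# Key under which Internet Explorer records per-site zone assignments
# (relative to HKCU for the user's own list, or HKLM when the
# "Security Zones: Use only machine settings" policy is in force).
ZONEMAP_DOMAINS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# Zone numbers as stored in the dword values.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
TRUSTED_SITES = 2

ZoneEntry = namedtuple("ZoneEntry", "hive site scheme zone")

_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zonemap_export(reg_text):
    """Turn the text of `reg export <hive>\\...\\ZoneMap\\Domains out.reg` into ZoneEntry records.

    Layout of the key: one subkey per registrable domain (Domains\\example.com),
    optionally a nested subkey per host label (Domains\\example.com\\www), and in
    each a dword value named after the scheme ("http", "https", "ftp" or "*")
    holding the zone number. IP-address ranges live in ZoneMap\\Ranges and are
    not covered here.
    """
    entries = []
    hive, site = None, None
    marker = ZONEMAP_DOMAINS.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            hive, path = key.groups()
            idx = path.lower().find(marker)
            if idx == -1:
                site = None          # the Domains container itself, or an unrelated key
                continue
            labels = path[idx + len(marker):].split("\\")
            # Domains\example.com\www -> www.example.com
            site = ".".join(reversed(labels))
            continue
        value = _VALUE_RE.match(line)
        if value and site:
            scheme, hex_zone = value.groups()
            entries.append(ZoneEntry(hive, site, scheme, int(hex_zone, 16)))
    return entries


def trusted_sites(reg_text):
    """Entries that IE will treat with Trusted-sites (zone 2) security settings."""
    return [e for e in parse_zonemap_export(reg_text) if e.zone == TRUSTED_SITES]


def summarize(reg_text):
    """Map each zone name to the site patterns assigned to it, for a quick triage read."""
    out = {}
    for e in parse_zonemap_export(reg_text):
        label = e.site if e.scheme == "*" else "%s://%s" % (e.scheme, e.site)
        out.setdefault(ZONE_NAMES.get(e.zone, "zone %d" % e.zone), []).append(label)
    return out


# Constructed sample export; the .test domains are placeholders, not sites from the thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bank.test]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\update-helper.test]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.test\tracker]
"http"=dword:00000004
"""

if __name__ == "__main__":
    for zone, sites in sorted(summarize(SAMPLE_EXPORT).items()):
        print("%-16s %s" % (zone, ", ".join(sites)))
    # Anything under "Trusted sites" that the user did not add knowingly
    # is what the advice above says to remove.
    for e in trusted_sites(SAMPLE_EXPORT):
        print("review:", e.site, "(%s)" % e.scheme)
```

On the affected machine the export itself is `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg`, run from a command prompt.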



#6 ratman

Posted 27 November 2011 - 10:58 AM

Hi T_Campbell,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC, making it more difficult to help you.

regards, ratman

#7 T_Campbell

Posted 27 November 2011 - 06:33 PM

I apologize. I have been away for the Thanksgiving holiday. I just got home and read your reply. I am on another pc now and am changing passwords as you recommend. I will run combofix tonight.

Thanks for your help!

Tania

#8 ratman

Posted 27 November 2011 - 06:42 PM

Hi Tania,

Thanks for letting me know. I hope you had a good holiday.

I'll wait for your log.
regards, ratman

#9 T_Campbell

Posted 27 November 2011 - 07:47 PM

A window prompts me to not run combofix in compatibility mode, then nothing happens. Did I do something wrong?

#10 ratman

Posted 28 November 2011 - 05:41 AM

Hello T_Campbell,

I don't think you've done anything wrong. Sometimes malware tries to interfere with the tools we use.

I would like you to try uninstalling and then re-installing ComboFix:

Please rename ComboFix.exe to Uninstall.exe and double click on it.

====================================================================================

We need to run ComboFix.exe.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

===================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\ComboFix.txt

How is your machine running now?

regards, ratman

#11 T_Campbell

Posted 28 November 2011 - 08:42 AM

Ok, that worked. It could not establish an internet connection to download the recovery console, then on reboot, StopZilla restarted. I had to turn it off (correctly this time) and started from scratch. I rebooted again to establish an internet connection and it was able to download the recovery console and is going through the scan now. I hope that doesn't mess things up.

#12 ratman

Posted 28 November 2011 - 08:46 AM

Sounds like it should run ok now.

We'll see what the log gives us.
regards, ratman

#13 T_Campbell

Posted 28 November 2011 - 09:59 AM

I am unable to connect to the internet, even after selecting 'repair' on the wireless network connection.

#14 ratman

Posted 28 November 2011 - 10:11 AM

Can you try booting into Safe Mode with Networking to post the C:\Combofix.txt log:

Boot into safe mode.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with Networking option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.
=============================================================================

If this doesn't work, copy the log C:\Combofix.txt to a flash device and post from another machine please.
regards, ratman

#15 T_Campbell

Posted 28 November 2011 - 10:29 AM

ComboFix 11-11-27.02 - Greg 11/28/2011 9:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.275 [GMT -5:00]
Running from: c:\documents and settings\Greg.CAMPBELL\Desktop\uninstall.exe.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\All Users\Application Data\tmpAC.tmp
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\{5496C34B-E4D0-44E4-B395-5B95C1DFDEBE}\chrome.manifest
c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\{5496C34B-E4D0-44E4-B395-5B95C1DFDEBE}\chrome\content\_cfg.js
c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\{5496C34B-E4D0-44E4-B395-5B95C1DFDEBE}\chrome\content\overlay.xul
c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\{5496C34B-E4D0-44E4-B395-5B95C1DFDEBE}\install.rdf
c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\e284bfea\U\800000cf.@
c:\recycle.bin\config.bin
c:\uninstall.exe\023.dat
c:\uninstall.exe\023v.dat
c:\uninstall.exe\023w7.dat
c:\uninstall.exe\AppData.folder.dat
c:\uninstall.exe\AppFileB.dat
c:\uninstall.exe\AppFileC.dat
c:\uninstall.exe\AppFileD.dat
c:\uninstall.exe\AppFolderB.dat
c:\uninstall.exe\AppFolderC.dat
c:\uninstall.exe\AppFolderD.dat
c:\uninstall.exe\appinit.bad
c:\uninstall.exe\asp.str
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\ATTRIB.3XE
c:\uninstall.exe\autorun_inf.dat
c:\uninstall.exe\autorun_infB.dat
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid
c:\uninstall.exe\BadClsidFiles
c:\uninstall.exe\BadClsidFiles00
c:\uninstall.exe\BHO.dat
c:\uninstall.exe\BHOQuery.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\borlander_file.dat
c:\uninstall.exe\borlander_folder.dat
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Cache.folder.dat
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catch_k.dat
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\Catchme.tmp
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF23891.3XE
c:\uninstall.exe\cfdummy
c:\uninstall.exe\Cfiles.dat
c:\uninstall.exe\Cfolders.dat
c:\uninstall.exe\CfReboot.dat
c:\uninstall.exe\cfrun
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\ClistB.dat
c:\uninstall.exe\clsid.dat
c:\uninstall.exe\clsid.hiv
c:\uninstall.exe\ClsidDumped
c:\uninstall.exe\ClsidFiles
c:\uninstall.exe\CLSIDFiles01
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\ComboFix.txt
c:\uninstall.exe\ConEnv.sed
c:\uninstall.exe\Cookies.folder.dat
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CregC_.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\d-del_A.dat
c:\uninstall.exe\d-del4AV.dat
c:\uninstall.exe\d-delA.dat
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\delclsid00
c:\uninstall.exe\Desktop.folder.dat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFileB.dat
c:\uninstall.exe\DesktopFileD.dat
c:\uninstall.exe\DesktopFolderB.dat
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\dll_whitelist.dat
c:\uninstall.exe\dnd.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\Drive.folder.dat
c:\uninstall.exe\DriveFile.dat
c:\uninstall.exe\Drives.dat
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\DrvStr
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\Env.sed
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ErrTrap1
c:\uninstall.exe\ErrTrap10
c:\uninstall.exe\ErrTrap17
c:\uninstall.exe\ErrTrap23
c:\uninstall.exe\ErrTrap27
c:\uninstall.exe\ErrTrap3
c:\uninstall.exe\ErrTrap32
c:\uninstall.exe\ErrTrap32A
c:\uninstall.exe\ErrTrap4
c:\uninstall.exe\ErrTrap5
c:\uninstall.exe\ErrTrap6
c:\uninstall.exe\ErrTrap6A
c:\uninstall.exe\ErrTrap7
c:\uninstall.exe\ErrTrap8
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\f_system
c:\uninstall.exe\FavFileB.dat
c:\uninstall.exe\FavFileD.dat
c:\uninstall.exe\FavFolderD.dat
c:\uninstall.exe\Favorites.folder.dat
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\FdsvOK
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\Gateway
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\Greg.user.cf
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\History.folder.dat
c:\uninstall.exe\hotspot00
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\LegacyFull
c:\uninstall.exe\LegacyNoSvc
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppData.folder.dat
c:\uninstall.exe\LocalAppDataFileB.dat
c:\uninstall.exe\LocalAppDataFileD.dat
c:\uninstall.exe\LocalAppDataFolderB.dat
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettings.folder.dat
c:\uninstall.exe\LocalSettingsFileB.dat
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\Locked
c:\uninstall.exe\max_.dat
c:\uninstall.exe\max_drivertocheck
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MenuFileB.dat
c:\uninstall.exe\MenuFileD.dat
c:\uninstall.exe\MenuFolderB.dat
c:\uninstall.exe\MenuFolderD.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\Music.folder.dat
c:\uninstall.exe\MWindows.dat
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\N_\11031
c:\uninstall.exe\N_\1262
c:\uninstall.exe\N_\13046
c:\uninstall.exe\N_\14345
c:\uninstall.exe\N_\16099
c:\uninstall.exe\N_\1776
c:\uninstall.exe\N_\26494
c:\uninstall.exe\N_\26510
c:\uninstall.exe\N_\31_30963
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\NetHood.folder.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\notifykeys.dat
c:\uninstall.exe\notifykeysB.dat
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OsId.txt
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\pend.txt
c:\uninstall.exe\Personal.folder.dat
c:\uninstall.exe\PersonalFileB.dat
c:\uninstall.exe\PersonalFolderB.dat
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\Pictures.folder.dat
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\PreDIR
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\PrintHood.folder.dat
c:\uninstall.exe\Profiles.Folder.dat
c:\uninstall.exe\Profiles.Folder.folder.dat
c:\uninstall.exe\Profiles.folder00.dat
c:\uninstall.exe\ProfilesFile00.dat
c:\uninstall.exe\ProfilesFile99
c:\uninstall.exe\ProfilesFileB.dat
c:\uninstall.exe\ProfilesFileC.dat
c:\uninstall.exe\ProfilesFolder00.dat
c:\uninstall.exe\ProfilesFolder99
c:\uninstall.exe\ProfilesFolderB.dat
c:\uninstall.exe\progfile.dat
c:\uninstall.exe\Programs.folder.dat
c:\uninstall.exe\ProgramsFileB.dat
c:\uninstall.exe\ProgramsFileD.dat
c:\uninstall.exe\ProgramsFolderB.dat
c:\uninstall.exe\ProgramsFolderD.dat
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\Q_Clsids
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RcVer00
c:\uninstall.exe\Recent.folder.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegRun01
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\REGT.3XE
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.dat
c:\uninstall.exe\RkDetectA_HDCntrl.dat
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run.sed
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SendTo.folder.dat
c:\uninstall.exe\ServiceFiles.dat
c:\uninstall.exe\ServiceFiles00
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\SetPath.bat
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenu.folder.dat
c:\uninstall.exe\StartUp.folder.dat
c:\uninstall.exe\StartUpFileB.dat
c:\uninstall.exe\Str00
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\Suspect_ntfy.dat
c:\uninstall.exe\SuspectB_netsvc.dat
c:\uninstall.exe\suspectSvc.dat
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcCovered
c:\uninstall.exe\SvcDiff
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\SvcDump
c:\uninstall.exe\SvcDumpB
c:\uninstall.exe\SvcDumpFull
c:\uninstall.exe\SvcFull
c:\uninstall.exe\svchost.dat
c:\uninstall.exe\svchost.vista.x64.dat
c:\uninstall.exe\svclist.dat
c:\uninstall.exe\SvcTarget.dat
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\SysPath.dat
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\temp3100
c:\uninstall.exe\Templates.folder.dat
c:\uninstall.exe\TemplatesFileB.dat
c:\uninstall.exe\TemplatesFolderB.dat
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\unhand.dat
c:\uninstall.exe\Unhandled.dat
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\V-FilesB.dat
c:\uninstall.exe\v_str.dat
c:\uninstall.exe\v_wht.dat
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\Vikpev01
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\ViPev00
c:\uninstall.exe\ViPev01
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\VList
c:\uninstall.exe\VListB
c:\uninstall.exe\vRun_DLL
c:\uninstall.exe\vun.dat
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\whiteAll.dat
c:\uninstall.exe\whitedir.dat
c:\uninstall.exe\whitedirCreated.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\WowErr01
c:\uninstall.exe\WowErr02
c:\uninstall.exe\WrgNameDLL
c:\uninstall.exe\XP.mac
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\xpreg.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
c:\uninstall.exe\Zlob01
c:\windows\kb913800.exe
c:\windows\system32\
c:\windows\system32\FE05DA0D.dll
c:\windows\system32\FE05F051.dll
c:\windows\system32\FE05F3D5.dll
E:\autorun.inf
E:\Setup.exe
.
-- Previous Run --
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Dell\QuickSet\NICCONFIGSVC.exe was found and disinfected
Restored copy from - c:\program files\Dell\QuickSet\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Dell\QuickSet\NICCONFIGSVC.exe was found and disinfected
Restored copy from - c:\program files\Dell\QuickSet\
.
Infected copy of c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe was found and disinfected
Restored copy from - c:\program files\NewTech Infosystems\Backup Now EZ\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Dell\QuickSet\NICCONFIGSVC.exe was found and disinfected
Restored copy from - c:\program files\Dell\QuickSet\
.
Infected copy of c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe was found and disinfected
Restored copy from - c:\program files\NewTech Infosystems\Backup Now EZ\
.
c:\windows\system32\HPZipm12.exe . . . is infected!!
c:\windows\system32\HPZipm12.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Dell\QuickSet\NICCONFIGSVC.exe was found and disinfected
Restored copy from - c:\program files\Dell\QuickSet\
.
Infected copy of c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe was found and disinfected
Restored copy from - c:\program files\NewTech Infosystems\Backup Now EZ\
.
c:\windows\system32\HPZipm12.exe . . . is infected!!
c:\windows\system32\HPZipm12.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe was found and disinfected
Restored copy from - c:\program files\Common Files\iS3\Anti-Spyware\
.
Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\bin\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\windows\system32\dlcgcoms.exe was found and disinfected
Restored copy from - c:\i386\dlcgcoms.exe
.
Infected copy of c:\program files\Canon\IJPLM\IJPLMSVC.EXE was found and disinfected
Restored copy from - c:\program files\Canon\IJPLM\
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Intuit\Update Service\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Motive\
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\Microsoft Shared\VS7DEBUG\
.
Infected copy of c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe was found and disinfected
Restored copy from - c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
.
Infected copy of c:\program files\Dell\QuickSet\NICCONFIGSVC.exe was found and disinfected
Restored copy from - c:\program files\Dell\QuickSet\
.
Infected copy of c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe was found and disinfected
Restored copy from - c:\program files\NewTech Infosystems\Backup Now EZ\
.
c:\windows\system32\HPZipm12.exe . . . is infected!!
c:\windows\system32\HPZipm12.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe was found and disinfected
Restored copy from - c:\program files\Common Files\iS3\Anti-Spyware\
.
c:\windows\System32\WLTRYSVC.EXE . . . is infected!!
c:\windows\System32\WLTRYSVC.EXE . . . was deleted!! You should re-install the program it pertains to
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 00:21 . 2011-11-28 13:11 -------- d-----w- C:\ComboFix
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\program files\CCleaner
2011-11-14 00:51 . 2011-11-14 00:51 -------- d-----w- c:\program files\STOPzilla!
2011-11-14 00:51 . 2011-11-28 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-11-14 00:51 . 2011-11-14 00:51 -------- d-----w- c:\program files\Common Files\iS3
2011-11-13 03:02 . 2011-11-13 03:02 -------- d-----w- c:\documents and settings\Mary\Application Data\Malwarebytes
2011-11-12 00:25 . 2011-11-12 00:25 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-11-12 00:25 . 2011-11-12 00:25 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-11-12 00:25 . 2011-11-12 00:25 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-11-12 00:25 . 2011-11-12 00:25 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-11-12 00:25 . 2011-11-12 00:25 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-11-12 00:25 . 2011-11-12 00:25 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-11-12 00:25 . 2011-11-12 00:25 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-11-12 00:25 . 2011-11-12 00:25 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-11-12 00:25 . 2011-11-12 00:25 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-11-12 00:25 . 2011-11-12 00:25 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-11-12 00:25 . 2011-11-12 00:25 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-11-12 00:25 . 2011-11-12 00:25 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-11-07 23:35 . 2011-11-28 13:47 -------- d-----w- c:\documents and settings\Greg.CAMPBELL\Local Settings\Application Data\e284bfea
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 12:17 . 2005-08-16 10:35 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-26 16:21 . 2011-09-26 16:21 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 16:21 . 2011-09-26 16:21 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-04-14 16:26 . 2011-05-16 02:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"AirCardEnabler"="c:\program files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2003-04-16 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\Greg.CAMPBELL\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchAT&TMembers\TrueWizard.exe [2008-12-11 1064960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-31 24576]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-1-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Documents and Settings\\Greg.CAMPBELL\\Desktop\\TDSSKiller.exe"=
"c:\\Documents and Settings\\Greg.CAMPBELL\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Common Files\\iS3\\Anti-Spyware\\IS3Updater.exe"=
"c:\\Program Files\\STOPzilla!\\SZOptionsFlash.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\Greg.CAMPBELL\\My Documents\\Downloads\\tdsskiller\\TDSSKiller.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [9/26/2011 11:21 AM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [8/16/2011 4:48 PM 59080]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 6:04 AM 45312]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [9/26/2011 11:21 AM 61328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.discgolfatlanta.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Greg.CAMPBELL\Application Data\Mozilla\Firefox\Profiles\kpff31u1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-47223029.sys
SafeBoot-71536411.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 09:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-11-28 09:18:03
ComboFix-quarantined-files.txt 2011-11-28 14:18
.
Pre-Run: 83,183,427,584 bytes free
Post-Run: 83,143,847,936 bytes free
.
- - End Of File - - 3D5ABEE804B5FC5DE660FE7DF859377A