Srini
Everything posted by Srini
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello Extremeboy,

Sorry, I got a bit delayed on this. Per your instruction, I have disabled Avira Guard for now and have also stopped the scheduler. Here is the DDS.txt; Attach.txt is attached. Do you also need ark.txt again?

--------------------------------

DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 22:53:08.08 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.673 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\thisComputerRelated\virusIssue200911\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]

=============== Created Last 30 ================

2009-12-13 15:44:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-13 15:44:29 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-13 15:44:28 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-13 15:44:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-13 15:44:03 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-13 15:43:55 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-13 15:36:32 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-09 05:12:18 0 d-----w- c:\program files\ESET
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ------w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec

==================== Find3M ====================

2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe

============= FINISH: 22:54:05.12 ===============

Thanks,
sri
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Generally speaking, which one should I keep? I paid for the Norton, but of course that does not make it better. Going one step further, if you had to make a choice, which antivirus would you pick from what is out there now? I really don't have an idea, so some direction would be helpful.
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello ExtremeBoy,

As I had reported on 12/12 (it was in the middle of a post, sorry), search redirects are working OK now. I am still getting a virus caught by Avira or Symantec every other day or so.

Thanks,
sri
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello ExtremeBoy,

I was not sure if you needed it, but I also ran the GMER Rootkit Scanner for you to take a look. Attached is Attach.zip with both the ark.txt and attach.txt files.

Thanks and regards,
sri
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello ExtremeBoy,

Here are the logs you requested. Attach.txt is attached.

----------------------------------------------------
----------------------------------------------------

ESET LOG:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-09 09:08:17
# local_time=2009-12-09 03:08:17 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14027840 14027840 0 0
# compatibility_mode=1797 16775125 100 94 0 32048134 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1407375 27678161 0 0
# scanned=86355
# found=3
# cleaned=3
# scan_time=12880
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll    Win32/Toolbar.MyWebSearch application (cleaned by deleting (after the next restart) - quarantined)    00000000000000000000000000000000    C
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL    Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\WINDOWS\system32\winlogon.exe.XXX    Win32/Spy.Ursnif.A virus (deleted - quarantined)    00000000000000000000000000000000    C

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-09 07:27:12
# local_time=2009-12-09 01:27:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14062457 14062457 0 0
# compatibility_mode=1797 16775125 100 94 0 32082751 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1441992 27712778 0 0
# scanned=86643
# found=0
# cleaned=0
# scan_time=15398

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-12 10:49:31
# local_time=2009-12-12 04:49:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14290756 14290756 0 0
# compatibility_mode=1797 16775125 100 94 0 32311050 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1670291 27941077 0 0
# scanned=86971
# found=0
# cleaned=0
# scan_time=15236

----------------------------------------------------
----------------------------------------------------

DDS.txt

DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 22:36:16.97 on Sat 12/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.379 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\thisComputerRelated\virusIssue200911\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]

=============== Created Last 30 ================

2009-12-09 05:12:18 0 d-----w- c:\program files\ESET
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r-
c:\windows\system32\ncpa.cpl.manifest 2009-11-26 20:10:19 295424 ------w- c:\windows\system32\termsrv.dll 2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat 2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition 2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec ==================== Find3M ==================== 2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat 2009-10-29 05:48:04 662016 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll 2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll 2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe ============= FINISH: 22:37:38.11 =============== ---------------------------------------------------- ---------------------------------------------------- Attach.txt is attached Thanks sri Attach.txt -
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello again,

Sorry, got a bit delayed as I had started the ESET scanner one night on 12/9, but the machine was rebooted by morning due to a Windows update. I restarted the ESET scanner again, but it could find no issues. I also realized that I overwrote the log from the previous night (it does not save history automatically, just the latest log.txt).

I looked at the ESET Online Scanner\Quarantine folder and found some files there with date stamps during the night of the first scan (12/9), so I thought I would let you know. There were five files with names:

- ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4.NDF
- ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4.NQF
- F4F78EB62985200220188A15223186E31E4E5FBB.NDF
- F4F78EB62985200220188A15223186E31E4E5FBB.NQF
- INFO.NQI

Please let me know if you need more information on this.

-----------------------------

Also, FYI, Avira had two messages in its Events:

Virus or unwanted program 'EXP/Pidief.GI [exploit]' detected in file 'D:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP9D5E85C6'. Action performed: Delete file

Virus or unwanted program 'EXP/Pidief.GI [exploit]' detected in file 'D:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APDF7E1801'. Action performed: Delete file

-----------------------------

I am trying to figure out why these showed up (no P2P software on the machine). If you have any clues or advice, please let me know.

The ESET scanner is still running, but I thought I would at least post an update. As soon as it is done, I will post the report and a DDS report.

Search redirects are working OK now.

Thanks for your patience,
Sri
-
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello extremeBoy,

Thanks for the response. I will try to create the logs for the other computer and post it to a new topic in a day or so. In the meantime, here are the logs:

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/6/2009 12:44:17 PM
mbam-log-2009-12-06 (12-44-17).txt

Scan type: Quick Scan
Objects scanned: 156523
Time elapsed: 39 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------

DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 13:07:17.76 on Sun 12/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.690 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\thisComputerRelated\virusIssue200911\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-24 38224]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================ 2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons 2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe 2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe 2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe 2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe 2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer 2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474 2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll 2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe 2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx 2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-12-03 12:24:12 333184 
-c----w- c:\windows\system32\dllcache\srv.sys 2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll 2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb 2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable 2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira 2009-11-28 07:03:51 0 d-----w- c:\program files\Avira 2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes 2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak 2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest 2009-11-26 20:10:19 295424 
------w- c:\windows\system32\termsrv.dll 2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat 2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition 2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec ==================== Find3M ==================== 2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat 2009-09-25 05:56:36 662016 ------w- c:\windows\system32\wininet.dll 2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll 2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe ============= FINISH: 13:08:25.58 =============== -------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------- Attach.zip attached for latest attach.txt and ark.txt from GMER run. Thanks again, sri Attach.zip -
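The DDS output quoted in this post has a regular line shape: in the SERVICES / DRIVERS section each line is `<R|S><start type> <name>;<display name>;<image> [<date> <size>]`, with `--> <resolved path> [?]` appended when the tool could not stat the image, and in the Created Last 30 section each line is `<date> <time> <size> <attributes> <path>`. As an added example (my own code, not part of this thread, DDS, or any of the tools named here), the script below parses both sections and flags the entries a log reviewer reads first: services whose image is missing, services whose image lives under a temp directory, and services registered against an object-manager `\Device\` path rather than a file. Two things are my assumptions rather than documented DDS behaviour: that `[?]` means the image was not found on disk, and that entries under `\dllcache\` are Windows Update staging and can be set aside when asking "what else changed". The sample input is a handful of lines copied from the log above; the flags are review hints, not verdicts.

```python
r"""
Triage helper for the DDS log format quoted in this thread (added example).

Parses two DDS sections:

  SERVICES / DRIVERS, one service per line:
      R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
      S2 SSPORT;SSPORT;\??\c:\...\ssport.sys --> c:\...\SSPORT.sys [?]

  Created Last 30, one file per line:
      2009-12-09 05:12:18 0 d-----w- c:\program files\ESET

Assumptions (mine, not stated by DDS on this page):
  * a trailing "[?]" means DDS could not stat the image, i.e. the registered
    path is not present on disk;
  * entries under \dllcache\ are Windows Update staging and are dropped when
    looking for non-update file creation.
None of the flags is proof of malware; they mark what a reviewer reads first.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)


@dataclass
class ServiceEntry:
    start: str                 # "R" running / "S" stopped, then the start-type digit
    name: str
    display: str
    image: str                 # image path as registered (surrounding quotes removed)
    resolved: str              # path DDS resolved it to (text after "-->"), or ""
    stamp: str                 # "YYYY-M-D size" or "?"
    flags: List[str] = field(default_factory=list)


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = ServiceEntry(
        start=m["start"], name=m["name"], display=m["display"],
        image=m["image"].strip('"'), resolved=m["resolved"] or "",
        stamp=m["stamp"],
    )
    path = (entry.resolved or entry.image).lower()
    if entry.stamp == "?":
        entry.flags.append("file-missing")      # assumption: "[?]" = image not on disk
    if "\\temp\\" in path:
        entry.flags.append("runs-from-temp")    # services do not normally live in temp dirs
    if path.startswith("\\device\\"):
        entry.flags.append("device-path")       # object-manager path, not a file-system path
    if entry.flags and entry.start.startswith("R"):
        entry.flags.append("currently-running")  # flagged AND loaded: read this one first
    return entry


def created_by_day(lines, ignore=("\\dllcache\\",)) -> Dict[str, List[str]]:
    """Group Created Last 30 entries by day, dropping paths that contain any
    of the `ignore` substrings (default: Windows Update's dllcache staging)."""
    days: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m and not any(s in m["path"].lower() for s in ignore):
            days[m["date"]].append(m["path"])
    return dict(days)


def triage(dds_text: str) -> dict:
    """Run both parsers over a whole DDS log and return what a reviewer
    would read first: flagged services and per-day non-update file creation."""
    lines = dds_text.splitlines()
    services = [e for e in map(parse_service, lines) if e is not None]
    return {
        "services": services,
        "flagged": [e for e in services if e.flags],
        "created": created_by_day(lines),
    }


# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
=============== Created Last 30 ================
2009-12-09 05:12:18 0 d-----w- c:\program files\ESET
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
"""

if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for e in result["flagged"]:
        print(f"{e.start} {e.name:<32} {', '.join(e.flags):<32} {e.resolved or e.image}")
    for day, paths in sorted(result["created"].items(), reverse=True):
        print(day, *paths, sep="\n    ")
```

Read the flags together with the start column: an S3/S4 entry whose image is missing cannot load, so it is usually an uninstall leftover (the McAfee cleanup task in `\temp\`, the old NAI filter, the vanished printer-port driver in the sample all fit that pattern), whereas `file-missing` or `runs-from-temp` on an R-entry is something actually loaded and is the line to investigate first. The per-day grouping is the quick way to see which days saw new files outside Windows Update and to line those days up with the dates in the user's narrative.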
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Wow - that's not good, as I believe there might have been some banking transactions done and I am a bit concerned. So a few questions, if you don't mind:

- I have used a flash drive to copy photographs/documents between this computer and my other "clean" computer. Will that cause a risk to the other computer?
- Can I/do I need to post logs from my other "clean" computer, so you could take a quick look?
- For my knowledge, are you able to tell the name of this virus from the logs and how the virus might have got in, in the first place?
- Also, did ComboFix detect and remove it?

Sorry for all the questions, but your response is appreciated. (I will be unable to post the new logs till later tonight.)

Again, thanks for your help and for the excellent service you all are providing!
-
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Here is the ComboFix.txt (you asked that it be included - I read that as copy and paste. It is also attached, just in case that's what you meant). Thanks again!

-------------

ComboFix 09-12-05.03 - janaki 12/05/2009 23:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.733 [GMT -6:00]
Running from: d:\documents and settings\janaki\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-1361031659-3470074583-838623864-500
c:\recycler\S-1-5-21-1815002781-3848448594-3852255402-500
c:\recycler\S-1-5-21-2008529862-4088190255-1608279117-500
c:\recycler\S-1-5-21-2055378577-3357456969-1883788766-500
c:\recycler\S-1-5-21-2304659736-572454927-963639892-500
c:\recycler\S-1-5-21-3765412682-274146658-773706229-500
c:\recycler\S-1-5-21-4101351205-3031065371-1103848779-500
c:\windows\Downloaded Program Files\Temp
c:\windows\run.log
c:\windows\system32\config.data
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\thread.xml
c:\windows\system32\WanPacket.dll
c:\windows\system32\worker.info
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.
2009-12-05 09:14 .
2009-12-05 09:14 176864 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\windows\system32\XPSViewer 2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\program files\MSBuild 2009-12-05 09:12 . 2009-12-05 09:12 -------- d-----w- c:\program files\Reference Assemblies 2009-12-05 09:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2009-12-05 09:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-05 09:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-05 09:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-05 09:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-05 09:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-05 09:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2009-12-05 09:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-05 09:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-05 05:19 . 2009-12-05 05:19 4844296 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-04 17:10 . 2009-12-04 17:10 -------- d-----w- c:\windows\system32\KB905474 2009-12-04 17:10 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-12-04 17:10 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe 2009-12-03 12:46 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-12-03 12:36 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-12-03 12:36 . 
2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll 2009-12-03 12:36 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe 2009-12-03 12:36 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-12-03 12:36 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-12-03 12:36 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-12-03 12:35 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-12-03 12:35 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-12-03 12:35 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-12-03 12:34 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-12-03 12:25 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-12-03 12:24 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys 2009-12-03 12:23 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-12-03 12:22 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-12-03 12:16 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll 2009-12-03 12:10 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-12-03 12:09 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-12-03 11:50 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-12-03 11:45 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2009-12-03 11:38 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-12-03 11:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-03 11:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-03 11:34 . 
2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-03 11:33 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-03 11:31 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-11-28 07:04 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-28 07:04 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-28 07:04 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-28 07:04 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-28 07:03 . 2009-11-28 07:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira 2009-11-28 07:03 . 2009-11-28 07:03 -------- d-----w- c:\program files\Avira 2009-11-26 20:29 . 2009-11-26 20:29 -------- d-----w- d:\documents and settings\janaki\Application Data\Malwarebytes 2009-11-26 20:10 . 2004-08-04 12:00 295424 ----a-w- c:\windows\system32\termsrv.dll 2009-11-26 19:43 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-26 19:43 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-24 07:16 . 2009-11-24 07:16 0 ----a-w- d:\documents and settings\janaki\settings.dat 2009-11-24 06:25 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-24 06:25 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-24 06:25 . 2009-12-05 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-22 06:27 . 2009-11-22 06:27 -------- d-sh--w- d:\documents and settings\Default User\IETldCache 2009-11-21 23:10 . 2009-11-21 23:10 -------- d-----w- c:\program files\Windows Sidebar 2009-11-21 23:09 . 2009-11-26 22:24 -------- d-----w- c:\program files\Norton 360 Premier Edition 2009-11-21 23:05 . 2009-11-22 06:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-11-21 23:05 . 
2009-11-22 06:46 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-11-21 23:05 . 2009-11-22 06:46 -------- d-----w- c:\program files\Symantec 2009-11-17 13:43 . 2009-11-17 13:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-06 05:58 . 2009-05-03 15:00 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-05 16:18 . 2005-11-13 16:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype 2009-12-05 16:18 . 2007-09-25 02:14 -------- d-----w- c:\program files\VideoLAN 2009-12-04 04:10 . 2005-01-03 19:18 82352 -c--a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-28 06:48 . 2008-07-25 00:07 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP 2009-11-28 06:47 . 2009-02-23 04:36 -------- d-----w- c:\program files\SpywareBlaster 2009-11-26 20:29 . 2009-03-08 19:26 -------- d-----w- c:\program files\McAfee 2009-11-26 20:11 . 2003-09-23 16:02 23460 -c--a-w- c:\windows\system32\emptyregdb.dat 2009-11-24 06:17 . 2009-05-03 15:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec 2009-11-22 06:46 . 2009-11-21 23:05 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-11-22 06:46 . 2009-11-21 23:05 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-11-22 05:56 . 2009-02-23 03:48 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-21 23:17 . 2009-06-18 05:30 -------- d-----w- d:\documents and settings\janaki\Application Data\Symantec 2009-11-05 16:08 . 2009-04-06 15:52 19176444 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2009-11-03 02:26 . 2009-11-03 02:26 -------- d-----w- d:\documents and settings\janaki\Application Data\Visio 2009-10-28 03:07 . 2009-10-28 03:07 -------- d-----w- c:\program files\OpenProj 2009-10-28 02:48 . 
2009-10-28 02:48 -------- d-----w- d:\documents and settings\All Users\Application Data\KaDonk 2009-10-28 02:47 . 2009-10-28 02:47 -------- d-----w- d:\documents and settings\janaki\Application Data\KaDonk 2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_F62732F4AD468E2E2DC6ED.exe 2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_D467E31FEC7FBC4521B739.exe 2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_6FEFF9B68218417F98F549.exe 2009-10-28 02:44 . 2009-10-28 02:44 -------- d-----w- c:\program files\Temp 2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- d:\documents and settings\janaki\Application Data\RapidTyping 2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- c:\program files\RapidTyping 2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- d:\documents and settings\All Users\Application Data\RapidTyping 2009-09-30 20:58 . 2008-02-18 19:38 9576 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL 2009-09-25 05:56 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2008-12-20 14:55 . 2008-12-20 14:55 1606064 ----a-w- c:\program files\googletalk-setup.exe 2008-06-30 19:44 . 2009-05-05 12:14 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2007-08-10 20:27 598016 ----a-w- c:\windows\system32\PGPfsshl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] d:\documents and settings\cchittoor\Start Menu\Programs\Startup\ Check for TWS Updates.lnk - c:\program files\Jts\WiseUpdt.exe [2008-6-24 194775] DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848] d:\documents and settings\All Users\Start Menu\Programs\Startup\ NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815] PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2007-8-30 55296] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli PGPpwflt [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and 
Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to mbam.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to mbam.lnk backup=c:\windows\pss\Shortcut to mbam.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to mbamgui.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to mbamgui.lnk backup=c:\windows\pss\Shortcut to mbamgui.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^Check for TWS Updates.lnk] path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\Check for TWS Updates.lnk backup=c:\windows\pss\Check for TWS Updates.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk] path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk backup=c:\windows\pss\Epson all-in-one Registration.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^HotSync Manager.lnk] path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "McTaskManager"=2 (0x2) "Macromedia Licensing Service"=3 (0x3) "Ati HotKey Poller"=2 (0x2) "AmoAgent"=2 (0x2) "AeXNSClient"=2 (0x2) "gusvc"=3 (0x3) 
"WMPNetworkSvc"=2 (0x2) "r_server"=2 (0x2) "SCardSvr"=2 (0x2) "SDService"=2 (0x2) "IDriverT"=3 (0x3) "MDM"=2 (0x2) "PGPserv"=2 (0x2) "ose"=3 (0x3) "Maxtor Sync Service"=2 (0x2) "BITS"=3 (0x3) "McShield"=2 (0x2) "ExtranetAccess"=2 (0x2) "S24EventMonitor"=2 (0x2) "vsmon"=2 (0x2) "SharedAccess"=2 (0x2) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "MSDTC"=3 (0x3) "getPlusHelper"=3 (0x3) "mnmsrvc"=3 (0x3) "0179441259267586mcinstcleanup"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\system32\\sessmgr.exe"= R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [8/10/2007 2:21 PM 97792] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/28/2009 1:04 AM 108289] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 1:37 PM 149352] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/8/2009 1:27 PM 93320] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [5/26/2005 3:58 PM 9817] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2009 9:24 PM 102448] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440] S2 
IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [5/26/2005 3:58 PM 137392] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 8:32 PM 23888] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149] S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\ECCL100.SYS --> c:\windows\system32\ECCL100.SYS [?] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 10:54 AM 360547] S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?] S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?] S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?] S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [8/4/2004 6:00 AM 25600] S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\DRIVERS\wind502u.sys --> c:\windows\system32\DRIVERS\wind502u.sys [?] S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 2:24 AM 453120] S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\TEMP\017944~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017944~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S4 ExtranetAccess;Contivity VPN Service;c:\program files\IP VPN Remote Services\Extranet_serv.exe [12/7/2007 8:25 PM 811008] S4 SDService;Unicenter Software Delivery;"c:\program files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE" --> c:\program files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE [?] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\windows\system32\PGPlsp.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - d:\documents and settings\janaki\Application Data\Mozilla\Firefox\Profiles\fobmwy2q.default\ FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - BHO-{BBCE9859-AC56-4091-B80B-A710A4719CEC} - (no file) Notify-wvUkLFya - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-06 00:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1512) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2572) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\PGPfsshl.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\PGPlsp.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-12-06 00:07 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-06 06:07 Pre-Run: 921,067,520 bytes free Post-Run: 887,152,640 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin - - End Of File - - 8B8BF1D036DDC12626C83DF996675604 ComboFix.txt -
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello Extremeboy, Thanks for taking the time! It is appreciated.

As of yesterday morning, search links were getting redirected to the wrong places. Oddly enough (without me doing anything additional), the links are working OK this morning. (This is my mother's computer, so I don't use it too often.) Since I did not do anything at all yesterday, I am a bit confused. So I would still like to request you to take a look at the logs, as there could still be some underlying problem. (This problem has been there for 3 weeks now, so I cannot imagine it would disappear the day you responded!)

Logs as requested:

----------

Malwarebytes' Anti-Malware 1.42
Database version: 3298
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/4/2009 11:36:54 PM
mbam-log-2009-12-04 (23-36-54).txt

Scan type: Quick Scan
Objects scanned: 157239
Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

----------------------------------------------------
----------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by janaki at 12:15:59.47 on Sat 12/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.572 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier
Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe C:\WINDOWS\system32\cleanmgr.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\program files\avira\antivir desktop\avcenter.exe C:\My Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll BHO: Symantec 
Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: {BBCE9859-AC56-4091-B80B-A710A4719CEC} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: 
c:\windows\system32\PGPlsp.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625 DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\windows\system32\rdolib.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Notification Packages = scecli PGPpwflt Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\ FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= 
SERVICES / DRIVERS =============== R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-28 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-28 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-28 55656] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091204.037\NAVENG.SYS [2009-12-4 84912] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091204.037\NAVEX15.SYS [2009-12-4 1323568] R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-11-21 1245064] S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392] S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?] 
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149] S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547] S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?] S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?] S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600] S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?] S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120] S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008] S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?] 
=============== Created Last 30 ================ 2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer 2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474 2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll 2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe 2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx 2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys 2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-12-03 12:16:44 655872 -c----w- 
c:\windows\system32\dllcache\mstscax.dll 2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb 2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable 2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira 2009-11-28 07:03:51 0 d-----w- c:\program files\Avira 2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes 2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak 2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest 2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest 2009-11-26 20:10:19 295424 ----a-w- c:\windows\system32\termsrv.dll 2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-24 07:16:18 0 ----a-w- d:\documents and 
settings\janaki\settings.dat 2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition 2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec 2009-11-20 12:20:32 0 d-----w- c:\program files\WinPcap 2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\worker.info 2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\thread.xml 2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\config.data ==================== Find3M ==================== 2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat 2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll 2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe ============= FINISH: 12:17:15.22 =============== ------------------------------------------------------ Thanks again for your feedback, -
Redirected Search results and other problems - Please help!
Srini replied to Srini's topic in Resolved Malware Removal Logs
Hello, I have not received a response to my request below (4th day today). Attempting to bump this up, please. Thanks -
Hello, Posting here after spending many, many hours (a few days) trying to resolve this problem, so I appreciate your help in resolving this.

Quick background:
--------------------
Problem 1) Redirects after Google search.
Problem 2) Malwarebytes has been finding new issues each new day even though it cleans up every day. I have not been doing much browsing (except for going on these forums and a little Black Friday research).

FYI, thanks to your forums, I was able to resolve these next two problems (used Avira AntiVir Rescue System):
Problem 2 - think this is resolved) Was getting a pop-up that the system was infected.
Problem 3 - resolved) Was unable to start Malwarebytes or HijackThis.

I have run HijackThis and have followed instructions from http://www.malwarebytes.org/forums/index.php?showtopic=9573 (Avira and Malwarebytes found some infections).

Logs included:
- Malwarebytes
- DDS.txt
- HijackThis
- Attach.zip
- Attach.txt and ark.txt

Here are the logs:
----------------------------------------
Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 3250
Windows 5.1.2600 Service Pack 2

11/28/2009 10:20:03 AM
mbam-log-2009-11-28 (10-20-03).txt

Scan type: Quick Scan
Objects scanned: 154981
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mscert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\Documents and Settings\LocalService\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.

----------------------------------------------
----------------------------------------------
----------------------------------------------
DDS.txt:

DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 11:36:37.90 on Sat 11/28/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.109 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\My Downloads\Defogger.exe
D:\Documents and Settings\janaki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BBCE9859-AC56-4091-B80B-A710A4719CEC} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\rdolib.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\documents and settings\janaki\application data\mozilla\firefox\profiles\fobmwy2q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-22 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-24 38224]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================

2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ----a-w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
2009-11-20 12:20:32 0 d-----w- c:\program files\WinPcap
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\worker.info
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\thread.xml
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\config.data
2009-11-16 15:27:58 100 ------w- c:\windows\system32\flags.ini
2009-11-03 02:26:07 0 d-----w- d:\docume~1\janaki\applic~1\Visio

==================== Find3M ====================

2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe

============= FINISH: 11:38:11.25 ===============

------------------------------------------------------------------------------------------------
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:03 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\My Downloads\Defogger.exe
C:\WINDOWS\system32\wscript.exe
C:\My Downloads\2tpnvkpy.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {BBCE9859-AC56-4091-B80B-A710A4719CEC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll
O20 - Winlogon Notify: wvUkLFya - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0179441259267586) (0179441259267586mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017944~1.EXE (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7699 bytes
----------------------------------------------

Thanks for spending your valuable time to review this and hoping this can get resolved soon.

- sri

Attach.zip