Srini
Posts posted by Srini
-
Generally speaking, which one should I keep? I paid for the Norton, but of course, it does not make it better.
Going one step further, if you had to make a choice, which one anti virus would you pick from what is out there now? I really don't have an idea, so some direction would be helpful.
Hello. Okay. Firstly, we need to uninstall one of those anti-virus programs; I forgot to mention this to you earlier since we were fixing other things...
Why?
2 Anti-virus/Firewall Programs Running Simultaneously Warning
I do not recommend that you have more than one anti virus or firewall product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or Avira.
Please uninstall them until you are only running one antivirus, using Add/Remove Programs if you are using XP, or Programs and Features if you are using Vista.
---
Once you have done that successfully, post back with a new DDS log by running it again.
Thanks.
~EB
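As an added example (not code from this thread or from the DDS tool), here is a small Python triage script that parses the AV:/FW:/AS: lines of a DDS header, like the DDS.txt posted later in this thread, and flags the situation EB warns about: more than one product of the same kind with real-time protection enabled. The line format, the regex, and the AS: line kind are assumptions about DDS output; the sample AS: line with the all-zero GUID is constructed.

```python
import re

# Sample DDS header: the three AV:/FW: lines are copied from the DDS.txt posted in
# this thread; the AS: line (all-zero GUID) is constructed to show that a product whose
# real-time protection is disabled is not counted as a conflict.
SAMPLE_DDS = """\
DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 22:36:16.97 on Sat 12/12/2009
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
AS: Example Antispyware *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000000}
============== Running Processes ===============
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
"""

# Assumed shape of one DDS security-product line:
#   "<kind>: <name> *<status>* [(Updated|Outdated)] {<GUID>}"
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|AS):\s+(?P<name>.+?)\s+\*(?P<status>[^*]+)\*"
    r"(?:\s+\((?P<updated>Updated|Outdated)\))?\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)

KIND_LABEL = {"AV": "antivirus", "FW": "firewall", "AS": "antispyware"}


def parse_products(dds_text):
    """Return one dict per AV:/FW:/AS: line in the DDS header.

    Parsing stops at the first '=====' banner: everything after it is the
    process list and later sections, which use different line formats.
    """
    products = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            break
        m = PRODUCT_RE.match(line)
        if not m:
            continue
        p = m.groupdict()
        # "enabled" in the status text means resident (on-access) protection is on.
        # Note "disabled" does not contain the substring "enabled", so it is not matched.
        p["active"] = "enabled" in p["status"].lower()
        products.append(p)
    return products


def conflicting_products(products):
    """Map kind -> names of products with real-time protection on, kept only
    where more than one product of that kind is resident at the same time."""
    active = {}
    for p in products:
        if p["active"]:
            active.setdefault(p["kind"], []).append(p["name"])
    return {kind: names for kind, names in active.items() if len(names) > 1}


def triage(dds_text):
    """Human-readable findings for a DDS header; an empty list means no conflict."""
    findings = []
    for kind, names in conflicting_products(parse_products(dds_text)).items():
        findings.append(
            f"{len(names)} {KIND_LABEL[kind]} products with real-time protection enabled: "
            + ", ".join(names)
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("WARNING:", finding)
```

On the sample header this reports the two antivirus products (AntiVir Desktop and Norton 360) and stays silent about the single firewall.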
-
Hello ExtremeBoy,
As I had reported on 12/12 (it was in the middle of a post, sorry), search redirects are working OK now. I am still getting a virus caught by Avira or Symantec every other day or so.
Thanks
sri
-
Hello ExtremeBoy,
Was not sure if you needed it, but I also ran the GMER Rootkit Scanner for you to take a look. Attached is Attach.zip with both the ark and attach.txt files.
Thanks and regards,
sri
-
Hello ExtremeBoy,
Here are the logs you requested:
Attach.txt is attached.
----------------------------------------------------
----------------------------------------------------
ESET LOG:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-09 09:08:17
# local_time=2009-12-09 03:08:17 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14027840 14027840 0 0
# compatibility_mode=1797 16775125 100 94 0 32048134 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1407375 27678161 0 0
# scanned=86355
# found=3
# cleaned=3
# scan_time=12880
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\winlogon.exe.XXX Win32/Spy.Ursnif.A virus (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-09 07:27:12
# local_time=2009-12-09 01:27:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14062457 14062457 0 0
# compatibility_mode=1797 16775125 100 94 0 32082751 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1441992 27712778 0 0
# scanned=86643
# found=0
# cleaned=0
# scan_time=15398
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=684a052679681a49b9728215930f0e78
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-12 10:49:31
# local_time=2009-12-12 04:49:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14290756 14290756 0 0
# compatibility_mode=1797 16775125 100 94 0 32311050 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 9 1670291 27941077 0 0
# scanned=86971
# found=0
# cleaned=0
# scan_time=15236
----------------------------------------------------
----------------------------------------------------
DDS.txt
DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 22:36:16.97 on Sat 12/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.379 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\thisComputerRelated\virusIssue200911\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================
2009-12-09 05:12:18 0 d-----w- c:\program files\ESET
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ------w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
==================== Find3M ====================
2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:48:04 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe
============= FINISH: 22:37:38.11 ===============
----------------------------------------------------
----------------------------------------------------
Attach.txt is attached
Thanks
sri
Hello. Those are quarantine items from Symantec.
See if you can find the ESET log in the C:\Program Files\ESET location.
Sure, thanks.
Post the results whenever it's done.
Thanks.
~EB
-
Hello again,
Sorry, I got a bit delayed, as I had started the ESET scanner one night on 12/9, but the machine was rebooted by morning due to a Windows update.
I restarted the ESET scanner again, but it could find no issues. I also realized that I overwrote the log from the previous night (it does not save history automatically, just the latest log.txt).
I looked at the ESET Online Scanner\Quarantine folder and found some files there with date stamps during the night of the first scan (12/9), so I thought I would let you know.
There were five files with names:
- ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4.NDF
- ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4.NQF
- F4F78EB62985200220188A15223186E31E4E5FBB.NDF
- F4F78EB62985200220188A15223186E31E4E5FBB.NQF
- INFO.NQI
Please let me know if you need more information on this.
-----------------------------
Also, FYI, Avira had two messages in its Events:
Virus or unwanted program 'EXP/Pidief.GI [exploit]'
detected in file 'D:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP9D5E85C6.
Action performed: Delete file
Virus or unwanted program 'EXP/Pidief.GI [exploit]'
detected in file 'D:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APDF7E1801.
Action performed: Delete file
-----------------------------
I am trying to figure out why these showed up (no P2P software on the machine). If you have any clues or advice, please let me know.
The ESET scanner is still running, but I thought I would at least post an update. As soon as it is done, I will post the report and a DDS report.
Search redirects are working ok now.
Thanks for your patience,
Sri
Some leftovers we can deal with afterwards...
Download and Run ATF Cleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main Select Files to Delete choose: Select All.
- Click the Empty Selected button.
If you use Firefox browser also...
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run ESET Online Scan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
You can refer to this animation by neomage if needed.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.
Thanks.
With Regards,
Extremeboy
-
Hello extremeBoy,
Thanks for the response. I will try to create the logs for the other computer and post it to a new topic in a day or so.
In the meantime, here are the logs:
Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/6/2009 12:44:17 PM
mbam-log-2009-12-06 (12-44-17).txt
Scan type: Quick Scan
Objects scanned: 156523
Time elapsed: 39 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------
DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 13:07:17.76 on Sun 12/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.690 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\thisComputerRelated\virusIssue200911\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-24 38224]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ------w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
==================== Find3M ====================
2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 05:56:36 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe
============= FINISH: 13:08:25.58 ===============
--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------
Attach.zip attached for latest attach.txt and ark.txt from GMER run.
Thanks again,
sri
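The DDS and ComboFix file listings in this thread are being read by eye. As an added example (not code from the thread, from DDS, or from ComboFix), the Python below parses the "Created Last 30"/"Find3M" and "Files Created" line formats seen above and sorts entries into buckets, so that the few files nothing accounts for stand out from Windows Update dllcache churn and from the security and removal tools installed during the cleanup. The sample lines are copied from the logs above; the bucket path fragments are my own assumptions for triage, not anything either tool reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# A DDS "Created Last 30" / "Find3M" line:
#   2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# A ComboFix "Files Created" line: created stamp, a dot, modified stamp, size, attrs, path.
# Directories carry "--------" in the size column.
#   2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\windows\system32\XPSViewer
COMBOFIX_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Triage buckets. These path fragments are an assumption made for this example;
# neither DDS nor ComboFix labels entries this way.
UPDATE_NOISE = ("\\system32\\dllcache\\", "\\system32\\kb")  # Windows Update churn
SECURITY_TOOLS = ("\\avira", "\\malwarebytes", "\\symantec", "\\norton 360",
                  "\\drivers\\avgnt", "\\drivers\\avip", "\\drivers\\mbam",
                  "\\drivers\\symevent", "s32evnt1.dll")
REMOVAL_TOOLS = ("\\cmdcons", "\\windows\\sed.exe", "\\windows\\mbr.exe",
                 "\\windows\\pev.exe", "\\windows\\swreg.exe", "defogger_renable")


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str
    category: str

    @property
    def is_dir(self) -> bool:
        # First attribute column is "d" for directories in both tools' output.
        return self.attrs.startswith("d")


def classify(path: str) -> str:
    """Bucket a path; anything not explained by updates or known tools is 'review'."""
    p = path.lower()
    if any(frag in p for frag in UPDATE_NOISE):
        return "update"
    if any(frag in p for frag in SECURITY_TOOLS):
        return "security-tool"
    if any(frag in p for frag in REMOVAL_TOOLS):
        return "removal-tool"
    return "review"


def parse_log(text: str) -> List[Entry]:
    """Parse every DDS or ComboFix file line; section banners and prose are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_LINE.match(line) or COMBOFIX_LINE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(
            date=m.group("date"), time=m.group("time"),
            size=0 if size.startswith("-") else int(size),
            attrs=m.group("attrs"), path=m.group("path"),
            category=classify(m.group("path")),
        ))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per bucket."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.category] = counts.get(e.category, 0) + 1
    return counts


def review_candidates(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) that nothing explains, newest first."""
    return sorted((e for e in entries if e.category == "review" and not e.is_dir),
                  key=lambda e: (e.date, e.time), reverse=True)


# Constructed sample: a handful of lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-04 17:10 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed))
    for e in review_candidates(parsed):
        print(f"{e.date} {e.time} {e.size:>8} {e.path}")
```

On the sample, the two files left in the "review" bucket are wpa.bak and logonui.exe.manifest; everything else is explained by an update or by a tool the helper asked to be installed. The bucket lists are deliberately narrow: widening them hides exactly the entries a responder is supposed to look at.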
Hello. Perhaps, but I can't be 100% sure without anything to see.
Yes, you can. Start a new topic in this forum and I will take a look and respond back to you.
It's almost impossible to tell how the virus came to your computer without me physically being there at the time of the infection. I can say that generally these infections come from P2P sharing or flash-drive/removable-drive autorun worms/infections.
Some information on one of the infections: http://www.threatexpert.com/report.aspx?md...7845a4a8b7ab6b8
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Not just Combofix, but yes, the main infection is gone now. Things look good but still a few steps we need to complete to verify that your computer is completely clean.
--
No problem, glad we can help and thanks for letting me know.
Post the results whenever you're done.
With Regards,
Extremeboy
-
Wow - that's not good, as I believe there might have been some banking transactions done and I am a bit concerned.
So a few questions, if you don't mind:
- I have used a flash drive to copy photographs/documents between this computer and my other "clean" computer. Will that cause a risk to the other computer?
- can I/do I need to post logs from my other "clean" computer, so you could take a quick look?
- for my knowledge, are you able to tell the name of this virus from the logs and how the virus might have got in, in the first place?
- also, did ComboFix detect and remove it?
Sorry for all the questions, but your response is appreciated.
(I will be unable to post the new logs till later tonight.)
Again, thanks for your help and for the excellent service you all are providing!
Hi again. That's fine. Posting it is preferred.
You had a password stealing trojan.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
--
Update and Scan with MalwareBytes Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Go to the Update tab
- Select Check for Update and let MBAM download and install any available updates.
- After the update is complete go to the Scanner tab.
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.
Thanks.
With Regards,
Extremeboy
-
Here is the ComboFix.txt: (you asked that it be included - I read that as copy and paste. It is also attached, just in case that's what you meant)
Thanks again!
-------------
ComboFix 09-12-05.03 - janaki 12/05/2009 23:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.733 [GMT -6:00]
Running from: d:\documents and settings\janaki\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-1361031659-3470074583-838623864-500
c:\recycler\S-1-5-21-1815002781-3848448594-3852255402-500
c:\recycler\S-1-5-21-2008529862-4088190255-1608279117-500
c:\recycler\S-1-5-21-2055378577-3357456969-1883788766-500
c:\recycler\S-1-5-21-2304659736-572454927-963639892-500
c:\recycler\S-1-5-21-3765412682-274146658-773706229-500
c:\recycler\S-1-5-21-4101351205-3031065371-1103848779-500
c:\windows\Downloaded Program Files\Temp
c:\windows\run.log
c:\windows\system32\config.data
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\thread.xml
c:\windows\system32\WanPacket.dll
c:\windows\system32\worker.info
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.
2009-12-05 09:14 . 2009-12-05 09:14 176864 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\program files\MSBuild
2009-12-05 09:12 . 2009-12-05 09:12 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 09:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-05 09:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-05 09:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-05 05:19 . 2009-12-05 05:19 4844296 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 17:10 . 2009-12-04 17:10 -------- d-----w- c:\windows\system32\KB905474
2009-12-04 17:10 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-12-04 17:10 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-12-03 12:46 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:25 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 07:04 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:04 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-28 07:04 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-28 07:04 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-28 07:03 . 2009-11-28 07:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2009-11-28 07:03 . 2009-11-28 07:03 -------- d-----w- c:\program files\Avira
2009-11-26 20:29 . 2009-11-26 20:29 -------- d-----w- d:\documents and settings\janaki\Application Data\Malwarebytes
2009-11-26 20:10 . 2004-08-04 12:00 295424 ----a-w- c:\windows\system32\termsrv.dll
2009-11-26 19:43 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16 . 2009-11-24 07:16 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25 . 2009-12-05 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 06:27 . 2009-11-22 06:27 -------- d-sh--w- d:\documents and settings\Default User\IETldCache
2009-11-21 23:10 . 2009-11-21 23:10 -------- d-----w- c:\program files\Windows Sidebar
2009-11-21 23:09 . 2009-11-26 22:24 -------- d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05 . 2009-11-22 06:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05 . 2009-11-22 06:46 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05 . 2009-11-22 06:46 -------- d-----w- c:\program files\Symantec
2009-11-17 13:43 . 2009-11-17 13:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 05:58 . 2009-05-03 15:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-05 16:18 . 2005-11-13 16:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-12-05 16:18 . 2007-09-25 02:14 -------- d-----w- c:\program files\VideoLAN
2009-12-04 04:10 . 2005-01-03 19:18 82352 -c--a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 06:48 . 2008-07-25 00:07 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-11-28 06:47 . 2009-02-23 04:36 -------- d-----w- c:\program files\SpywareBlaster
2009-11-26 20:29 . 2009-03-08 19:26 -------- d-----w- c:\program files\McAfee
2009-11-26 20:11 . 2003-09-23 16:02 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-11-24 06:17 . 2009-05-03 15:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Symantec
2009-11-22 06:46 . 2009-11-21 23:05 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-22 06:46 . 2009-11-21 23:05 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-22 05:56 . 2009-02-23 03:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 23:17 . 2009-06-18 05:30 -------- d-----w- d:\documents and settings\janaki\Application Data\Symantec
2009-11-05 16:08 . 2009-04-06 15:52 19176444 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-03 02:26 . 2009-11-03 02:26 -------- d-----w- d:\documents and settings\janaki\Application Data\Visio
2009-10-28 03:07 . 2009-10-28 03:07 -------- d-----w- c:\program files\OpenProj
2009-10-28 02:48 . 2009-10-28 02:48 -------- d-----w- d:\documents and settings\All Users\Application Data\KaDonk
2009-10-28 02:47 . 2009-10-28 02:47 -------- d-----w- d:\documents and settings\janaki\Application Data\KaDonk
2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_F62732F4AD468E2E2DC6ED.exe
2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_D467E31FEC7FBC4521B739.exe
2009-10-28 02:45 . 2009-10-28 02:45 143546 ----a-r- d:\documents and settings\janaki\Application Data\Microsoft\Installer\{AF181338-5152-4BB7-ADA0-AC4249335F83}\_6FEFF9B68218417F98F549.exe
2009-10-28 02:44 . 2009-10-28 02:44 -------- d-----w- c:\program files\Temp
2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- d:\documents and settings\janaki\Application Data\RapidTyping
2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- c:\program files\RapidTyping
2009-10-18 16:07 . 2009-10-18 16:07 -------- d-----w- d:\documents and settings\All Users\Application Data\RapidTyping
2009-09-30 20:58 . 2008-02-18 19:38 9576 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-25 05:56 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2008-12-20 14:55 . 2008-12-20 14:55 1606064 ----a-w- c:\program files\googletalk-setup.exe
2008-06-30 19:44 . 2009-05-05 12:14 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2007-08-10 20:27 598016 ----a-w- c:\windows\system32\PGPfsshl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
d:\documents and settings\cchittoor\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\program files\Jts\WiseUpdt.exe [2008-6-24 194775]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]
PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2007-8-30 55296]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli PGPpwflt
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to mbam.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to mbam.lnk
backup=c:\windows\pss\Shortcut to mbam.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to mbamgui.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to mbamgui.lnk
backup=c:\windows\pss\Shortcut to mbamgui.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\Check for TWS Updates.lnk
backup=c:\windows\pss\Check for TWS Updates.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^cchittoor^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=d:\documents and settings\cchittoor\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AmoAgent"=2 (0x2)
"AeXNSClient"=2 (0x2)
"gusvc"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"r_server"=2 (0x2)
"SCardSvr"=2 (0x2)
"SDService"=2 (0x2)
"IDriverT"=3 (0x3)
"MDM"=2 (0x2)
"PGPserv"=2 (0x2)
"ose"=3 (0x3)
"Maxtor Sync Service"=2 (0x2)
"BITS"=3 (0x3)
"McShield"=2 (0x2)
"ExtranetAccess"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"vsmon"=2 (0x2)
"SharedAccess"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MSDTC"=3 (0x3)
"getPlusHelper"=3 (0x3)
"mnmsrvc"=3 (0x3)
"0179441259267586mcinstcleanup"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [8/10/2007 2:21 PM 97792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/28/2009 1:04 AM 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 1:37 PM 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/8/2009 1:27 PM 93320]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [5/26/2005 3:58 PM 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2009 9:24 PM 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [5/26/2005 3:58 PM 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 8:32 PM 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\ECCL100.SYS --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 10:54 AM 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [8/4/2004 6:00 AM 25600]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\DRIVERS\wind502u.sys --> c:\windows\system32\DRIVERS\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 2:24 AM 453120]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\TEMP\017944~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017944~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\IP VPN Remote Services\Extranet_serv.exe [12/7/2007 8:25 PM 811008]
S4 SDService;Unicenter Software Delivery;"c:\program files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE" --> c:\program files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\janaki\Application Data\Mozilla\Firefox\Profiles\fobmwy2q.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
BHO-{BBCE9859-AC56-4091-B80B-A710A4719CEC} - (no file)
Notify-wvUkLFya - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 00:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1512)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2572)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\PGPfsshl.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PGPlsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-06 00:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 06:07
Pre-Run: 921,067,520 bytes free
Post-Run: 887,152,640 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
- - End Of File - - 8B8BF1D036DDC12626C83DF996675604
Please visit this webpage for instructions on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.
Please include the C:\ComboFix.txt in your next reply for further review.
-
Hello Extremeboy,
Thanks for taking the time! It is appreciated.
As of yesterday morning, search links were getting redirected to the wrong places. Oddly enough (without me doing anything additional), the links are working OK this morning. (This is my mother's computer, so I don't use it too often.)
Since I did not do anything at all yesterday, I am a bit confused. So I would still like to request that you take a look at the logs, as there could still be some underlying problem. (This problem has been there for 3 weeks now, so I cannot imagine it would disappear the day you responded!)
Logs as requested:
----------
Malwarebytes' Anti-Malware 1.42
Database version: 3298
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/4/2009 11:36:54 PM
mbam-log-2009-12-04 (23-36-54).txt
Scan type: Quick Scan
Objects scanned: 157239
Time elapsed: 15 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------------------------
----------------------------------------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by janaki at 12:15:59.47 on Sat 12/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.572 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\My Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BBCE9859-AC56-4091-B80B-A710A4719CEC} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\rdolib.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-28 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-28 55656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091204.037\NAVENG.SYS [2009-12-4 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091204.037\NAVEX15.SYS [2009-12-4 1323568]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-11-21 1245064]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ----a-w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
2009-11-20 12:20:32 0 d-----w- c:\program files\WinPcap
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\worker.info
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\thread.xml
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\config.data
==================== Find3M ====================
2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe
============= FINISH: 12:17:15.22 ===============
------------------------------------------------------
Thanks again for your feedback,
Hello and welcome to Malwarebytes. I apologize for the late response.
If you still require assistance, we would like to see the latest state of your system. So, please take a read of this thread for instructions on running the tools and posting the logs: http://www.malwarebytes.org/forums/index.php?showtopic=9573
In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.
Please note that the forum is very busy and if I don
-
Hello,
Have not received a response to my request below (4th day today). Attempting to bump this up, please.
Thanks
-
Hello,
Posting here after spending many, many hours over a few days trying to resolve this problem, so I appreciate your help in resolving this.
Quick background:
--------------------
Problem 1) Redirects after Google search
Problem 2) Malwarebytes has been finding new issues each new day even though it cleans up every day. I have not been doing much browsing (except for going on these forums and a little Black Friday research).
FYI, thanks to your forums, I was able to resolve these next two problems (used Avira AntiVir Rescue System):
Problem 2 - think this is resolved) Was getting a pop-up that the system was infected
Problem 3 - resolved) Was unable to start Malwarebytes or HijackThis
I have run HijackThis and have followed the instructions from http://www.malwarebytes.org/forums/index.php?showtopic=9573
(Avira and Malwarebytes found some infections).
Logs included:
- Malwarebytes
- DDS.txt
- HijackThis
- Attach.zip - Attach.txt and ark.txt
Here are the logs:
----------------------------------------
Malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Database version: 3250
Windows 5.1.2600 Service Pack 2
11/28/2009 10:20:03 AM
mbam-log-2009-11-28 (10-20-03).txt
Scan type: Quick Scan
Objects scanned: 154981
Time elapsed: 11 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mscert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\Documents and Settings\LocalService\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
----------------------------------------------
----------------------------------------------
----------------------------------------------
DDS.txt:
DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 11:36:37.90 on Sat 11/28/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.109 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\My Downloads\Defogger.exe
D:\Documents and Settings\janaki\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BBCE9859-AC56-4091-B80B-A710A4719CEC} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\rdolib.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\documents and settings\janaki\application data\mozilla\firefox\profiles\fobmwy2q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-22 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-24 38224]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ----a-w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
2009-11-20 12:20:32 0 d-----w- c:\program files\WinPcap
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\worker.info
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\thread.xml
2009-11-20 01:03:25 30 ----a-w- c:\windows\system32\config.data
2009-11-16 15:27:58 100 ------w- c:\windows\system32\flags.ini
2009-11-03 02:26:07 0 d-----w- d:\docume~1\janaki\applic~1\Visio
==================== Find3M ====================
2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe
============= FINISH: 11:38:11.25 ===============
------------------------------------------------------------------------------------------------
Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:03 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\My Downloads\Defogger.exe
C:\WINDOWS\system32\wscript.exe
C:\My Downloads\2tpnvkpy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {BBCE9859-AC56-4091-B80B-A710A4719CEC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll
O20 - Winlogon Notify: wvUkLFya - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0179441259267586) (0179441259267586mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017944~1.EXE (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7699 bytes
----------------------------------------------
Thanks for spending your valuable time to review this and hoping this can get resolved soon.
- sri
Redirected Search results and other problems - Please help!
in Resolved Malware Removal Logs
Hello Extremeboy,
Sorry, I got a bit delayed on this.
Per your instruction, I have disabled Avira Guard for now and have also stopped the scheduler.
Here is the DDS.txt; Attach.txt is attached. Do you also need ark.txt again?
--------------------------------
DDS (Ver_09-11-24.02) - NTFSx86
Run by janaki at 22:53:08.08 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.673 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Premier Edition *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\thisComputerRelated\virusIssue200911\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360 premier edition\osCheck.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.6715625
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli PGPpwflt
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\janaki\applic~1\mozilla\firefox\profiles\fobmwy2q.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2007-8-10 168960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-28 108289]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-8 93320]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-8-10 224256]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-8-10 33792]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-5-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-6-30 57408]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-5-26 137392]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NaiAvFilter104;NAI Anti Virus;\Device\NaiAvFilter104.sys --> \Device\NaiAvFilter104.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Usbidevws;Usbidevws;c:\windows\system32\drivers\hidbth.sys [2004-8-4 25600]
S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys --> c:\windows\system32\drivers\mrv8k51.sys [?]
S3 wind502u;USB 2.0 Wireless Network Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S4 0179441259267586mcinstcleanup;McAfee Application Installer Cleanup (0179441259267586);c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\017944~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ExtranetAccess;Contivity VPN Service;c:\program files\ip vpn remote services\Extranet_serv.exe [2007-12-7 811008]
S4 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S4 SDService;Unicenter Software Delivery;"c:\program files\ca\unicenter software delivery\bin\sdserv.exe" --> c:\program files\ca\unicenter software delivery\bin\SDSERV.EXE [?]
=============== Created Last 30 ================
2009-12-13 15:44:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-13 15:44:29 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-13 15:44:28 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-13 15:44:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-13 15:44:03 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-13 15:43:55 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-13 15:36:32 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-09 05:12:18 0 d-----w- c:\program files\ESET
2009-12-06 05:35:57 0 d-sha-r- C:\cmdcons
2009-12-06 05:34:05 98816 ----a-w- c:\windows\sed.exe
2009-12-06 05:34:05 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 05:34:05 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 05:34:05 161792 ----a-w- c:\windows\SWREG.exe
2009-12-05 09:13:17 0 d-----w- c:\windows\system32\XPSViewer
2009-12-05 09:11:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-05 09:11:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-05 09:11:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-05 09:11:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-05 09:11:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 09:11:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-05 09:11:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 17:10:11 0 d-----w- c:\windows\system32\KB905474
2009-12-03 12:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 12:36:36 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 12:36:36 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 12:36:35 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-12-03 12:36:09 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 12:36:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-03 12:36:08 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 12:35:43 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 12:35:42 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 12:35:15 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 12:34:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 12:28:43 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-03 12:25:05 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-03 12:24:12 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-03 12:23:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 12:22:10 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-03 12:16:44 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 12:10:17 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 12:09:48 1193414 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-03 12:09:22 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-03 11:50:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 11:45:52 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 11:38:46 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 11:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 11:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-03 11:34:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 11:33:46 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 11:31:30 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-28 17:33:44 0 ----a-w- d:\documents and settings\janaki\defogger_renable
2009-11-28 07:04:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 07:03:51 0 d-----w- d:\docume~1\alluse~1\applic~1\Avira
2009-11-28 07:03:51 0 d-----w- c:\program files\Avira
2009-11-26 20:29:08 0 d-----w- d:\docume~1\janaki\applic~1\Malwarebytes
2009-11-26 20:26:18 13668 ----a-w- c:\windows\system32\wpa.bak
2009-11-26 20:13:41 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-26 20:13:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-26 20:10:19 295424 ------w- c:\windows\system32\termsrv.dll
2009-11-26 19:43:15 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-26 19:43:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-24 07:16:18 0 ----a-w- d:\documents and settings\janaki\settings.dat
2009-11-24 06:25:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 06:25:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 06:25:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 23:09:25 0 d-----w- c:\program files\Norton 360 Premier Edition
2009-11-21 23:05:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-21 23:05:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-21 23:05:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-21 23:05:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-21 23:05:19 0 d-----w- c:\program files\Symantec
==================== Find3M ====================
2009-11-26 20:11:21 23460 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2008-12-20 14:55:51 1606064 ----a-w- c:\program files\googletalk-setup.exe
============= FINISH: 22:54:05.12 ===============
Thanks
sri
Attach.txt