Jump to content

cjo

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by cjo

  1. Thanks again Chris for all of your help. I'll look into all of your suggestions. Much, much appreciated! Cathie
  2. Okay, Took care of all of those. Haven't noticed any problems so far. Fingers crossed! Any suggestions on what I can run in conjunction with Norton? Even if periodically? Thanks! Cathie
  3. Sorry about that. I had actually run the two, but I guess when I tried to re-post, I cut part of the reports off. Here they are again: Scanning Report Sunday, March 28, 2010 16:30:48 - 17:09:50 Computer name: VOSTRO400 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ No malware found Statistics Scanned: * Files: 52959 * System: 3807 * Not scanned: 16 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 0 * Not cleaned: 0 * Submitted: 0 Files not scanned: * C:\HIBERFIL.SYS * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM * C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE * C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0053654.SYS * C:\DOCUMENTS AND SETTINGS\CATHIE\LOCAL SETTINGS\TEMP\HSPERFDATA_CATHIE\140 * C:\DOCUMENTS AND SETTINGS\CATHIE\LOCAL SETTINGS\TEMP\HSPERFDATA_CATHIE\3880 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_AVPAPP_{BB639333-810A-4BF8-85F5-C537857F55FC}0 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{FF9AC67A-E394-46AE-B150-B3365343F166}G * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_NPC.TRAY.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}0 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_UI.HOST.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0 Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics Results of screen317's Security Check version 0.99.2 Windows XP Service Pack 3 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware HijackThis 2.0.2 Java 6 Update 11 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Ad-Aware AAWService.exe Ad-Aware AAWTray.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` Cathie
  4. I ran the F-secure Online scanner and the Security Check and here are the reports. I did a couple of test searches on Google in Firefox and everything seems to be okay with that. However, as I tried to post this reply initially, my whole system seemed to lock up. Nothing would load but I was able to exit all programs. The computer wouldn't shut down or restart so I manually shut it down and restarted. Also, do I need to save any of the things I've downloaded (programs or reports)? I get Norton 360 free with my Comcast internet, so thats what I use. Do you recommend any other programs to use in conjunction with it? Or ones to avoid for that matter. Or do I only need them if I run into a problem? I really appreciate all of your help with this. Computers can be confusing and sometimes scary if you don't know so much about them! Cathie Scanning Report Sunday, March 28, 2010 16:30:48 - 17:09:50 Computer name: VOSTRO400 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ No malware found Statistics Scanned: * Files: 52959 * System: 3807 * Not scanned: 16
  5. Hi, Here is the ComboFix log and new DDS log as requested. ComboFix 10-03-26.02 - Cathie 03/26/2010 17:33:41.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -4:00] Running from: c:\documents and settings\Cathie\My Documents\Downloads\ComboFix.exe AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\BSTIEPrintCtl1.dll c:\windows\system32\bszip.dll Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys . ((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 ))))))))))))))))))))))))))))))) . 2010-03-21 23:25 . 2010-03-21 23:25 396288 ----a-w- C:\HijackThis.exe 2010-03-21 21:50 . 2010-03-21 20:53 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-21 20:53 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-21 20:53 . 2010-03-21 20:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-03-21 20:51 . 2010-03-21 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-21 20:51 . 2010-03-21 20:51 -------- d-----w- c:\program files\Lavasoft 2010-03-21 16:45 . 2010-03-21 16:45 -------- d-----w- C:\N360_BACKUP 2010-03-16 21:04 . 2010-03-16 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-03-16 01:59 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-15 21:46 . 2010-03-15 21:46 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-03-15 21:46 . 2010-03-15 22:16 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-03-15 21:46 . 2010-03-15 21:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-15 21:46 . 2010-03-15 21:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Symantec 2010-03-15 21:46 . 2010-03-17 21:35 -------- d-----w- c:\windows\system32\drivers\N360 2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Norton Security Suite 2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Windows Sidebar 2010-03-15 21:46 . 2010-03-15 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-03-15 21:45 . 2010-03-15 21:45 -------- d-----w- c:\program files\NortonInstaller 2010-03-15 21:45 . 2010-03-15 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-03-15 21:27 . 2010-03-15 21:27 -------- d-----w- c:\documents and settings\Cathie\Local Settings\Application Data\ICS 2010-03-03 22:11 . 2010-03-03 22:11 -------- d-----w- c:\documents and settings\Cathie\Local Settings\Application Data\kgdbju . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-26 21:39 . 2008-01-18 16:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-25 22:28 . 2008-05-12 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-22 00:27 . 2008-01-30 21:38 -------- d-----w- c:\documents and settings\Cathie\Application Data\U3 2010-03-21 20:52 . 2008-01-18 16:51 -------- d-----w- c:\program files\Google 2010-03-21 20:51 . 2008-05-29 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-03-21 18:22 . 2009-12-27 23:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-21 18:21 . 2010-03-21 18:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-03-15 21:46 . 2010-03-15 21:46 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-03-15 21:46 . 2010-03-15 21:46 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-03-15 21:46 . 2008-01-29 16:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-15 21:46 . 2010-03-15 21:46 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2010-03-15 21:46 . 2010-03-15 21:46 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2010-03-15 21:46 . 2008-01-29 16:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-03-15 21:46 . 2010-03-15 21:46 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2010-03-15 21:44 . 2008-01-18 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-03-15 07:16 . 2010-03-25 20:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG.SYS 2010-03-15 07:16 . 2010-03-25 20:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\EECTRL.SYS 2010-03-15 07:16 . 2010-03-25 20:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ECMSVR32.DLL 2010-03-15 07:16 . 2010-03-25 20:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG32.DLL 2010-03-15 07:16 . 2010-03-25 20:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX32A.DLL 2010-03-15 07:16 . 2010-03-25 20:45 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX15.SYS 2010-03-15 07:16 . 2010-03-25 20:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ERASER.SYS 2010-03-15 07:16 . 2010-03-25 20:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\CCERASER.DLL 2010-02-14 18:26 . 2010-02-14 18:26 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-02-14 18:26 . 2008-01-18 16:56 -------- d-----w- c:\program files\Microsoft Works 2010-02-12 22:27 . 2010-02-12 22:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-02-12 21:41 . 2010-03-26 21:39 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-02-04 15:53 . 2010-03-21 20:51 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-02-01 23:20 . 2010-03-26 21:39 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2010-01-07 20:07 . 2009-12-27 23:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 20:07 . 2009-12-27 23:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 10:00 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-10 18:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568] "RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-1-18 7168] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-18 49152] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers] 2007-12-07 19:52 270336 ----a-w- c:\progra~1\VIRTUA~1\CitiVAN.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2008-01-18 16:52 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2004-04-06 10:28 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06] 2004-06-07 04:42 659456 ----a-w- c:\windows\system32\hphmon06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] 2004-06-07 04:53 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-06-02 15:13 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] 2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] 2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-18 16:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/21/2010 4:53 PM 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/15/2010 6:54 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/15/2010 6:54 PM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/15/2010 6:54 PM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 10:09 AM 329592] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1263728] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/15/2010 6:54 PM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/15/2010 7:55 PM 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 8:31 PM 135664] . Contents of the 'Scheduled Tasks' folder 2010-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:53] 2010-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-03-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-18 00:09] 2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 00:31] 2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 00:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\documents and settings\Cathie\Application Data\Mozilla\Firefox\Profiles\n47ixlez.default\ FF - prefs.js: browser.search.selectedEngine - Creative Commons FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll FF - plugin: c:\documents and settings\Cathie\Application Data\Mozilla\Firefox\Profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-26 17:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1124) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\RTHDCPL.EXE c:\program files\Dell Network Assistant\ezi_hnm2.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2010-03-26 17:44:26 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-26 21:44 Pre-Run: 224,692,056,064 bytes free Post-Run: 224,684,617,728 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - E33CBECF218901A51858979316D1DDDD DDS (Ver_10-03-17.01) - NTFSx86 Run by Cathie at 17:47:02.84 on Fri 03/26/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1407 [GMT -4:00] AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Cathie\My Documents\Downloads\dds (1).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\cathie\applic~1\mozilla\firefox\profiles\n47ixlez.default\ FF - prefs.js: browser.search.selectedEngine - Creative Commons FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll FF - plugin: c:\documents and settings\cathie\application data\mozilla\firefox\profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-21 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-15 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-15 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-15 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-15 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-15 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100325.002\NAVENG.SYS [2010-3-25 84912] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100325.002\NAVEX15.SYS [2010-3-25 1324720] =============== Created Last 30 ================ 2010-03-26 21:30:39 0 d-sha-r- C:\cmdcons 2010-03-26 21:28:41 98816 ----a-w- c:\windows\sed.exe 2010-03-26 21:28:41 77312 ----a-w- c:\windows\MBR.exe 2010-03-26 21:28:41 261632 ----a-w- c:\windows\PEV.exe 2010-03-26 21:28:41 161792 ----a-w- c:\windows\SWREG.exe 2010-03-21 23:25:29 396288 ----a-w- C:\HijackThis.exe 2010-03-21 21:50:46 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-21 20:53:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-21 20:53:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-03-21 20:51:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-21 20:51:28 0 d-----w- c:\program files\Lavasoft 2010-03-21 16:45:07 0 d-----w- C:\N360_BACKUP 2010-03-16 21:04:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec 2010-03-16 01:59:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-15 21:46:44 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-03-15 21:46:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-03-15 21:46:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-03-15 21:46:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-15 21:46:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-15 21:46:40 0 d-----w- c:\program files\Symantec 2010-03-15 21:46:40 0 d-----w- c:\program files\common files\Symantec Shared 2010-03-15 21:46:08 0 d-----w- c:\windows\system32\drivers\N360 2010-03-15 21:46:06 0 d-----w- c:\program files\Norton Security Suite 2010-03-15 21:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-03-15 21:45:57 0 d-----w- c:\program files\NortonInstaller 2010-03-15 21:45:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller ==================== Find3M ==================== 2010-03-15 21:46:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-15 21:46:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2008-08-06 14:43:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat ============= FINISH: 17:47:10.12 =============== Appreciate all of your help! Will await your further instructions. Cathie
  6. Here are the logs requested: Malwarebytes' Anti-Malware 1.44 Database version: 3902 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 3/22/2010 8:20:40 PM mbam-log-2010-03-22 (20-20-40).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 202857 Time elapsed: 57 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Cathie at 20:22:56.60 on Mon 03/22/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1167 [GMT -4:00] AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Cathie\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb uDefault_Page_URL = hxxp://www.dellnet.com/ uStart Page = hxxp://www.google.com/ uWindow Title = Microsoft Internet Explorer provided by Comcast mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [<NO NAME>] mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe mPolicies-system: EnableLUA = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\cathie\applic~1\mozilla\firefox\profiles\n47ixlez.default\ FF - prefs.js: browser.search.selectedEngine - Creative Commons FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll FF - plugin: c:\documents and settings\cathie\application data\mozilla\firefox\profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-21 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-15 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-15 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-15 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-15 329592] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-15 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-15 102448] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100322.004\NAVENG.SYS [2010-3-22 84912] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100322.004\NAVEX15.SYS [2010-3-22 1324720] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664] =============== Created Last 30 ================ 2010-03-21 23:25:29 396288 ----a-w- C:\HijackThis.exe 2010-03-21 21:50:46 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-21 20:53:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-21 20:53:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-03-21 20:51:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-21 20:51:28 0 d-----w- c:\program files\Lavasoft 2010-03-21 16:45:07 0 d-----w- C:\N360_BACKUP 2010-03-16 21:04:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec 2010-03-16 01:59:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-15 21:46:44 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-03-15 21:46:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-03-15 21:46:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-03-15 21:46:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-15 21:46:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-15 21:46:40 0 d-----w- c:\program files\Symantec 2010-03-15 21:46:40 0 d-----w- c:\program files\common files\Symantec Shared 2010-03-15 21:46:08 0 d-----w- c:\windows\system32\drivers\N360 2010-03-15 21:46:06 0 d-----w- c:\program files\Norton Security Suite 2010-03-15 21:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-03-15 21:45:57 0 d-----w- c:\program files\NortonInstaller 2010-03-15 21:45:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller ==================== Find3M ==================== 2010-03-15 21:46:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-15 21:46:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2008-08-06 14:43:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat ============= FINISH: 20:23:25.04 ===============
  7. Hi, I have Windows XP and usually run Firefox. My searches through Google are being redirected to other sites. Sometimes I can use the back button to get to the site I actually wanted but not always. I've run Norton security, Malware Bytes and Ad aware but it's still happening. Here is my HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:25:53 PM, on 3/21/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Cathie\Application Data\U3\0000187FC5725CC3\LaunchPad.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Java
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.