kdilla

Everything posted by kdilla

  1. I am having trouble with virus scan software, but other programs seem to be less sluggish. I appreciate the help; let me know what else I can do. I did a quick scan first, then a full scan... here are the reports:

Scanning Report
Thursday, August 11, 2011 21:00:01 - 21:23:28
Computer name: DA_PC
Scanning type: Quick scan
Target: System

8 malware found
Trojan.Generic.6104246 (spyware)
  System (Disinfected)
Trojan.Generic.6106632 (spyware)
  System (Disinfected)
Application.Dialer.INF (spyware)
  System (Not cleaned)
TrackingCookie.Webtrends (spyware)
  System (Disinfected)
Trojan.Generic.6177083 (spyware)
  System (Disinfected)
Trojan.Generic.6129073 (spyware)
  System (Disinfected)
Trojan.Generic.1709709 (spyware)
  System (Disinfected)
Trojan.Patched.HE (spyware)
  System (Disinfected)

Statistics
Scanned:
  Files: 6903
  System: 6903
  Not scanned: 0
Actions:
  Disinfected: 7
  Renamed: 0
  Deleted: 0
  Not cleaned: 1
  Submitted: 0

Options
Scanning engines:

Full Scan Report:

Scanning Report
Friday, August 12, 2011 17:25:55 - 20:17:34
Computer name: DA_PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ H:\

1 malware found
Application.Dialer.INF (spyware)
  System (Not cleaned)

Statistics
Scanned:
  Files: 110049
  System: 5038
  Not scanned: 36
Actions:
  Disinfected: 0
  Renamed: 0
  Deleted: 0
  Not cleaned: 1
  Submitted: 0

Files not scanned:
  C:\HIBERFIL.SYS
  C:\PAGEFILE.SYS
  C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
  C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  C:\WINDOWS\SYSTEM32\CONFIG\SAM
  C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  C:\WINDOWS\ASSEMBLY\GAC_MSIL\
  C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
  C:\PROGRAM FILES\SEAGATE\BASICS\SERVICE\SYNCSERVICESBASICS.EXE
  C:\PROGRAM FILES\PROGRAM\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
  C:\PROGRAM FILES\PROGRAM\NEW\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
  C:\PROGRAM FILES\PROGRAM\NEW2\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
  C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE
  C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\FIREFOX.EXE
  C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\ISWSVC.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\MY DOCUMENTS\DOWNLOADS\CWSHREDDER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\MY DOCUMENTS\DOWNLOADS\OTM.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\ETILQS_AKJEL09VBNSVXNF
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\ETILQS_JEIT2ETSDJP2BPE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 3 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 5 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 4 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 1 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 2 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\HSPERFDATA_DA CHIEF\1220
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\HSPERFDATA_DA CHIEF\700
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX
  C:\DOCUMENTS AND SETTINGS\DA CHIEF\DESKTOP\0J9V3V06.EXE

Options
Scanning engines:
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  Use advanced heuristics
  2. Thanks for the continued help! I ran the scanner and it looks as though there were some infected files that could not be deleted. I posted the scanner log and the security check log; let me know what else I can do.

Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=bc33789e5679ff4a9a25f1b6c46b189b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:28:39
# local_time=2011-08-04 11:28:39 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 892792 892792 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 66 35020 11164317 0 0
# scanned=94514
# found=30
# cleaned=18
# scan_time=4735
C:\Documents and Settings\Da Chief\Application Data\WinPatrol\HOSTS	Win32/Qhost trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\iPod\bin\iPodService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Java\jre6\bin\jqs.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe	Win32/Patched.HN trojan (cleaned - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Webroot\Washer\WasherSvc.exe	Win32/Patched.HN trojan (cleaned - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\l1rezerv.exe.vir	Win32/TrojanDownloader.Delf.QSA trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\services32.exe.vir	a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe.vir	a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe100000.vir	a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32_.exe.vir	a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\systemup.exe.vir	probably a variant of Win32/TrojanDownloader.Delf.QQI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir	a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir	Win32/Patched.HN trojan (cleaned - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir	a variant of Win32/Sirefef.CO trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\update.1\svchost.exe.vir	a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Qoobox\Quarantine\C\WINDOWS\update.3\svchost.exe.vir	a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\SYSTEM32\nvsvc32.exe	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\WINDOWS\SYSTEM32\ScsiAccess.EXE	Win32/Patched.HN trojan (error while cleaning)	00000000000000000000000000000000	I
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts	Win32/Qhost trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\ufa\ufa.exe	a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\update.tray-10-0\svchost.exe	a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\update.tray-10-0-lnk\svchost.exe	a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
${Memory}	Win32/Patched.HN trojan	00000000000000000000000000000000	I

Here is the security check log:

 Results of screen317's Security Check version 0.99.18
 Windows XP Service Pack 3
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
ZoneAlarm
ZoneAlarm Toolbar
Trend Micro RUBotted 2.0 Beta
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Driver Cleaner 3
Java Web Start
Java 6 Update 26
Java 2 Runtime Environment, SE v1.4.1_02
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
BillP Studios WinPatrol winpatrol.exe
``````````End of Log````````````
  3. Thanks for the response! I ran ComboFix and DDS again. The logs are below: ComboFix 11-08-02.03 - Da Chief 08/02/2011 19:23:07.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -5:00] Running from: c:\documents and settings\Da Chief\Desktop\ComboFix.exe AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Start Menu\Programs\System Security c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Manual.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Uninstall Ad-Aware SE Personal.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\RegSupreme Pro.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\SBC Yahoo! Online Protection.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\Uninstall SBC Yahoo! 
Applications.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Readme.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Uninstall Zone Labs Security.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security Tutorial.lnk c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security.lnk c:\documents and settings\Da Chief\WINDOWS c:\documents and settings\Default User\WINDOWS c:\program files\Dynamic Toolbar c:\program files\Dynamic Toolbar\DivX\DivX Bundle.log c:\program files\Dynamic Toolbar\DivX\DivX Codec\config.exe c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX help guide.url c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX.com.url c:\program files\Dynamic Toolbar\DivX\DivX Codec\LICENSE.TXT c:\program files\Dynamic Toolbar\DivX\DivX Codec\mm.ico c:\program files\Dynamic Toolbar\DivX\DivX Codec\README.txt c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX Player 2.1.exe c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX.com.url c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivXPlayer.dbf c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\LICENSE.TXT c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\README.txt c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\Skins\Default.dps c:\program files\INSTALL.LOG c:\program files\messenger\msmsgsin.exe c:\program files\MyWay c:\windows\$NtUninstallKB44347$ c:\windows\$NtUninstallKB44347$\1623077498\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} c:\windows\$NtUninstallKB44347$\1623077498\L\asobptkf c:\windows\$NtUninstallKB44347$\1623077498\loader.tlb 
c:\windows\$NtUninstallKB44347$\1623077498\U\$000000cf c:\windows\$NtUninstallKB44347$\1623077498\U\@00000001 c:\windows\$NtUninstallKB44347$\1623077498\U\@000000c0 c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cb c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cf c:\windows\$NtUninstallKB44347$\1623077498\U\@80000000 c:\windows\$NtUninstallKB44347$\1623077498\U\@800000c0 c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cb c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cf c:\windows\$NtUninstallKB44347$\3096786832 c:\windows\btc_client_iplist.txt c:\windows\ddh_iplist.txt c:\windows\Fonts\acrsec.fon c:\windows\Fonts\acrsecB.fon c:\windows\Fonts\acrsecI.fon c:\windows\front_ip_list.txt c:\windows\geoiplist c:\windows\geoiplist.rar c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\l1rezerv.exe c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix.rar c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\proc_list1.log c:\windows\rpcminer c:\windows\rpcminer.rar c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\services32.exe c:\windows\sysdriver32.exe c:\windows\sysdriver32.exe100000 c:\windows\sysdriver32_.exe c:\windows\system32\c_06904.nls 
c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\drivers\etc\HSTS~1 c:\windows\system32\rnaph.dll c:\windows\systemup.exe c:\windows\TEMP\7614684.exe c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.1\svchost.exe c:\windows\update.2 c:\windows\update.3 c:\windows\update.3\svchost.exe c:\windows\update.5.0 c:\windows\w_distrib_iplist.txt c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt . Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected Restored copy from - The cat found it Infected copy of c:\windows\SYSTEM32\wuauclt.exe was found and disinfected Restored copy from - c:\windows\system32\dllcache\wuauclt.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Legacy_SRVBTCCLIENT -------\Legacy_SRVIECHECK -------\Legacy_SRVSYSDRIVER32 -------\Legacy_WXPDRIVERS -------\Service_srvbtcclient -------\Service_srviecheck -------\Service_srvsysdriver32 -------\Service_wxpdrivers . . ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))) . . 2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys 2011-07-28 04:08 . 2011-07-28 04:08 -------- d-----w- c:\program files\CCleaner 2011-07-28 03:48 . 2011-07-28 03:48 388096 ----a-r- c:\documents and settings\Da Chief\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\Da Chief\Application Data\Malwarebytes 2011-07-27 01:23 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-27 01:23 . 
2011-07-27 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-27 01:23 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-27 01:07 . 2011-07-27 01:07 -------- d-----w- c:\windows\ufa 2011-07-25 02:22 . 2011-07-25 02:22 -------- d-----w- C:\_OTM 2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Application Data\CheckPoint 2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\program files\Conduit 2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\ZoneAlarm_Security 2011-07-25 01:23 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\Conduit 2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\ZoneAlarm_Security 2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\CheckPoint 2011-07-25 01:22 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll 2011-07-25 01:22 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll 2011-07-25 01:22 . 2011-07-25 01:24 -------- d-----w- c:\windows\system32\ZoneLabs 2011-07-25 01:22 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll 2011-07-25 01:22 . 2011-07-25 01:22 -------- d-----w- c:\program files\Zone Labs 2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\Da Chief\Application Data\WinPatrol 2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\program files\BillP Studios 2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2011-07-24 19:36 . 2011-07-28 03:47 -------- d-----w- c:\program files\Program 2011-07-24 19:14 . 2011-07-25 00:59 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys 2011-07-24 19:14 . 2011-07-24 19:14 -------- d-----w- c:\documents and settings\Da Chief\log 2011-07-24 19:13 . 
2011-07-24 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro 2011-07-24 19:04 . 2011-07-24 19:10 -------- d-----w- c:\program files\Trend Micro 2011-07-24 18:37 . 2011-05-16 01:04 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-07-24 18:34 . 2011-07-24 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-07-24 18:29 . 2011-07-27 01:06 246272 ----a-w- c:\windows\unrar.exe 2011-07-24 17:48 . 2011-07-24 17:48 -------- d-----w- c:\windows\av_ico 2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0 2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0-lnk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-02 14:02 . 2010-10-09 18:38 1858944 ----a-w- c:\windows\system32\win32k.sys 2005-05-21 15:16 . 2005-10-26 02:25 125855 -c----w- c:\program files\SBC Self Support Tool . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}] 2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560] "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-04 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-08-04 136744] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] 1 [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2002-12-17 18:28 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-05-27 19:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2007-11-16 19:20 91432 ----a-w- c:\program files\CyberLink\Shared files\brs.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] 2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry] 2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-10-11 17:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] 2006-01-19 15:06 11776 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 15:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2003-10-06 20:16 49152 ----a-w- c:\windows\SYSTEM32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-10-06 20:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-10-28 14:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] 2011-03-18 06:24 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= . 
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/8/2010 1:13 AM 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/8/2010 1:13 AM 173104] R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/8/2010 1:13 AM 501888] R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 10:25 AM 26872] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2011 8:23 PM 366640] R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/26/2011 8:23 PM 22712] S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [?] S1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/8/2010 1:13 AM 116784] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664] S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 10:25 AM 488952] S2 N360;Norton Security Suite;"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll" /prefetch:1 --> c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [?] 
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [7/24/2011 2:10 PM 439632] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2011 10:27 AM 105592] S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [12/25/2010 4:38 PM 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664] S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys [?] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\SYSTEM32\DRIVERS\btblan.sys [12/25/2010 4:37 PM 33792] S3 RioS35;RioS35S driver;c:\windows\SYSTEM32\DRIVERS\RioS35.sys [11/24/2003 7:52 PM 12661] S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\Bulk504.sys --> c:\windows\system32\Drivers\Bulk504.sys [?] S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2/11/2008 1:59 PM 388936] S4 252AC355;252AC355;c:\windows\system32\503B02B6.EXE -k --> c:\windows\system32\503B02B6.EXE -k [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . 2011-08-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 23:49] . 
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006Core.job
- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006UA.job
- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mSearch Bar = 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.67.222.222
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-7614684 - c:\windows\TEMP\7614684.exe
MSConfigStartUp-DIGServices - c:\program files\ESPNRunTime\DIGServices.exe
MSConfigStartUp-DIGStream - c:\program files\DIGStream\digstream.exe
MSConfigStartUp-netoe - c:\windows\system32\netoe.exe
MSConfigStartUp-SemanticInsight - c:\program files\RXToolBar\Semantic Insight\SemanticInsight.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-N360 - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.3.0.5\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\ScsiAccess.EXE
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-08-02 19:55:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 00:55
.
Pre-Run: 3,061,145,600 bytes free
Post-Run: 3,271,102,464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /SOS /noexecute=AlwaysOff
.
- - End Of File - - CE33AF61DAF86E5E619A6E50D352EF11

DDS:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Da Chief at 20:09:13 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.466 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mSearch Bar = 
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: <NO NAME> = 
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289663415859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222
TCP: Interfaces\{5CF3BE51-6AF6-44CB-BE3E-716AEACF4B28} : DhcpNameServer = 68.87.64.140
TCP: Interfaces\{A65E9A57-E5C3-406C-A1BF-D7848D03A58C} : DhcpNameServer = 68.87.64.196 68.87.66.196 68.42.44.6
TCP: Interfaces\{FACA92BF-8C92-4468-8385-3FC3AB1A456B} : DhcpNameServer = 208.67.222.222
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22712]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
S2 N360;Norton Security Suite;"c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe" /s "n360" /m "c:\program files\norton security suite\engine\4.3.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton security suite\engine\4.3.0.5\ccSvcHst.exe [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-24 439632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\IDSxpx86.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-25 33792]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVEX15.SYS [?]
S3 RioS35;RioS35S driver;c:\windows\system32\drivers\RioS35.sys [2003-11-24 12661]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-24 532224]
S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-2-11 388936]
S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?]
.
=============== Created Last 30 ================
.
2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-08-03 00:09:17 -------- d-sha-r- C:\cmdcons
2011-08-03 00:06:59 98816 ----a-w- c:\windows\sed.exe
2011-08-03 00:06:59 518144 ----a-w- c:\windows\SWREG.exe
2011-08-03 00:06:59 256000 ----a-w- c:\windows\PEV.exe
2011-08-03 00:06:59 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 04:08:48 -------- d-----w- c:\program files\CCleaner
2011-07-28 03:48:00 388096 ----a-r- c:\documents and settings\da chief\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-27 01:23:26 -------- d-----w- c:\documents and settings\da chief\application data\Malwarebytes
2011-07-27 01:23:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 01:23:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-27 01:23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 01:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 01:07:00 -------- d-----w- c:\windows\ufa
2011-07-25 02:22:30 -------- d-----w- C:\_OTM
2011-07-25 01:24:39 -------- d-----w- c:\documents and settings\da chief\application data\CheckPoint
2011-07-25 01:24:04 -------- d-----w- c:\program files\Conduit
2011-07-25 01:23:59 -------- d-----w- c:\documents and settings\da chief\local settings\application data\ZoneAlarm_Security
2011-07-25 01:23:58 -------- d-----w- c:\documents and settings\da chief\local settings\application data\Conduit
2011-07-25 01:23:56 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-07-25 01:23:01 -------- d-----w- c:\program files\CheckPoint
2011-07-25 01:22:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-07-25 01:22:45 -------- d-----w- c:\windows\system32\ZoneLabs
2011-07-25 01:22:42 -------- d-----w- c:\program files\Zone Labs
2011-07-24 20:17:20 -------- d-----w- c:\documents and settings\da chief\application data\WinPatrol
2011-07-24 20:17:03 -------- d-----w- c:\program files\BillP Studios
2011-07-24 20:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-07-24 19:36:38 -------- d-----w- c:\program files\Program
2011-07-24 19:14:36 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-07-24 19:14:36 -------- d-----w- c:\documents and settings\da chief\log
2011-07-24 19:13:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2011-07-24 19:04:04 -------- d-----w- c:\program files\Trend Micro
2011-07-24 18:37:05 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-24 18:29:39 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 17:48:47 -------- d-----w- c:\windows\av_ico
2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-05-21 15:16:00 125855 -c----w- c:\program files\SBC Self Support Tool
.
============= FINISH: 20:09:44.92 ===============
  4. Please help, I cannot run any software that attempts to scan/clean the registry. Malwarebytes and GMER do not run. Thank you for your help in advance! Here is the DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Da Chief at 21:37:53 on 2011-07-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.651 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uSearch Page = 
mSearch Bar = 
mSearchAssistant = 
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0AA6C63C-09D3-E5E7-0A8E-04F7B826233B} - No File
BHO: {23A77CDF-A00B-97AC-0C46-8F47AA1690AB} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {33A52CAA-E6B2-6BF5-6851-6B2529CEB91F} - No File
BHO: {38684DAB-CE7D-692F-F285-5CE5F24E21F4} - No File
BHO: {4FFA43FF-72B3-546D-9E16-73461949C216} - No File
BHO: {538ECC2F-29D9-9161-D485-51734843D8C5} - No File
BHO: {6D630876-786A-8F26-109F-C41B095EC5DC} - No File
BHO: {7429B660-821E-1F16-2AAC-597DCDB12248} - No File
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: {7DA550B2-7C5D-9846-4100-3702AC47DCB4} - No File
BHO: {80D79146-9A94-94FC-2D86-344D3D04EE7A} - No File
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {8D48267B-92A9-5684-83DC-0E47E94F8B80} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: {C147E648-9788-CC12-6EC4-B3F2FA7366D0} - No File
BHO: {C3F84830-18F3-1D3D-C769-86D58A213F17} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E29CD8F5-8770-88FC-7869-830FD4AAE7E4} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fd36cb53-f43e-c115-ed98-e1f307c77fd6} - Class
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Google Update] "c:\documents and settings\da chief\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>] 
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [tray_ico] 
mRun: [tray_ico1] 
mRun: [tray_ico2] 
mRun: [tray_ico3] 
mRun: [tray_ico4] 
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: <NO NAME> = 
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
LSP: mswsock.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {10000000-1000-0000-1000-000000000000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - hxxp://stream10k.redhotnetworks.com/cabs/videox.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289663415859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222
TCP: Interfaces\{5CF3BE51-6AF6-44CB-BE3E-716AEACF4B28} : DhcpNameServer = 68.87.64.140
TCP: Interfaces\{A65E9A57-E5C3-406C-A1BF-D7848D03A58C} : DhcpNameServer = 68.87.64.196 68.87.66.196 68.42.44.6
TCP: Interfaces\{FACA92BF-8C92-4468-8385-3FC3AB1A456B} : DhcpNameServer = 208.67.222.222
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = 
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
S2 N360;Norton Security Suite;"c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe" /s "n360" /m "c:\program files\norton security suite\engine\4.3.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton security suite\engine\4.3.0.5\ccSvcHst.exe [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-24 439632] S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?] S2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664] S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\IDSxpx86.sys [?] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-25 33792] S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVENG.SYS [?] S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVEX15.SYS [?] S3 RioS35;RioS35S driver;c:\windows\system32\drivers\RioS35.sys [2003-11-24 12661] S3 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?] 
S3 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?] S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-24 532224] S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-2-11 388936] S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?] . =============== Created Last 30 ================ . 2011-07-27 02:11:24 -------- d-----w- c:\program files\CCleaner 2011-07-27 01:23:26 -------- d-----w- c:\documents and settings\da chief\application data\Malwarebytes 2011-07-27 01:23:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-27 01:23:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-07-27 01:23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-27 01:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-27 01:07:00 -------- d-----w- c:\windows\ufa 2011-07-27 01:07:00 -------- d-----w- c:\windows\rpcminer 2011-07-27 01:07:00 -------- d-----w- c:\windows\phoenix 2011-07-27 00:44:07 261632 ----a-w- c:\windows\sysdriver32.exe 2011-07-25 04:20:39 -------- d--h--w- c:\windows\update.3 2011-07-25 02:22:30 -------- d-----w- C:\_OTM 2011-07-25 01:24:39 -------- d-----w- c:\documents and settings\da chief\application data\CheckPoint 2011-07-25 01:24:04 -------- d-----w- c:\program files\Conduit 2011-07-25 01:23:59 -------- d-----w- c:\documents and settings\da chief\local settings\application data\ZoneAlarm_Security 2011-07-25 01:23:58 -------- d-----w- c:\documents and settings\da chief\local settings\application data\Conduit 2011-07-25 01:23:56 -------- d-----w- c:\program files\ZoneAlarm_Security 2011-07-25 01:23:01 -------- d-----w- c:\program files\CheckPoint 2011-07-25 01:22:45 1238528 
----a-w- c:\windows\system32\zpeng25.dll 2011-07-25 01:22:45 -------- d-----w- c:\windows\system32\ZoneLabs 2011-07-25 01:22:42 -------- d-----w- c:\program files\Zone Labs 2011-07-25 00:54:08 388096 ----a-r- c:\documents and settings\da chief\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-07-24 20:17:20 -------- d-----w- c:\documents and settings\da chief\application data\WinPatrol 2011-07-24 20:17:03 -------- d-----w- c:\program files\BillP Studios 2011-07-24 20:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate 2011-07-24 19:36:38 -------- d-----w- c:\program files\Program 2011-07-24 19:14:36 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys 2011-07-24 19:14:36 -------- d-----w- c:\documents and settings\da chief\log 2011-07-24 19:13:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro 2011-07-24 19:04:04 -------- d-----w- c:\program files\Trend Micro 2011-07-24 18:40:27 118784 ----a-w- c:\windows\systemup.exe 2011-07-24 18:37:05 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2011-07-24 18:36:40 -------- d--h--w- c:\windows\update.5.0 2011-07-24 18:34:36 232960 ----a-w- c:\windows\l1rezerv.exe 2011-07-24 18:30:59 -------- d--h--w- c:\windows\update.2 2011-07-24 18:29:39 246272 ----a-w- c:\windows\unrar.exe 2011-07-24 17:48:47 -------- d-----w- c:\windows\av_ico 2011-07-24 17:48:19 256000 ----a-w- c:\windows\sysdriver32_.exe 2011-07-24 17:48:05 256000 ----a-w- c:\windows\sysdriver32.exe100000 2011-07-24 17:38:43 -------- d--h--w- c:\windows\update.1 2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0-lnk 2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0 2011-07-24 16:36:30 1174016 ----a-w- c:\windows\services32.exe 2011-06-28 18:10:35 -------- d-----w- c:\documents and settings\da chief\local settings\application data\CyberLink . ==================== Find3M ==================== . 
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2005-05-21 15:16:00 125855 -c----w- c:\program files\SBC Self Support Tool . ============= FINISH: 21:39:35.53 =============== attach.zip