Everything posted by mangopie

  1. I'm sorry for the delay! I couldn't get DDS to run for some reason, and we had to evacuate for Irene. My DDS logs are below. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15 Run by robyn davidson at 15:22:44 on 2011-08-28 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.190 [GMT -4:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\windows\System32\WLTRYSVC.EXE C:\windows\System32\bcmwltry.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\windows\system32\sxs32.exe C:\windows\System32\snmp.exe svchost.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Canon\CAL\CALMAIN.exe C:\windows\system32\wuauclt.exe C:\windows\system32\rdpdd32.exe C:\windows\system32\dllhost.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe 
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\msiexec.exe C:\windows\system32\MsiExec.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = <local>;*.local BHO: {05e09440-59cd-4a2f-9724-ec650dca4a81} - c:\windows\system32\atikvmag32.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe 
/logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184275358437 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E0412ADD-FCAC-4E0C-98B9-B34B89AA163B} : DhcpNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-28 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-28 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-28 136312] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-13 366640] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008] R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110824.030\IDSXpx86.sys [2011-8-4 356280] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-13 22712] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110825.032\NAVENG.SYS [2011-8-26 86136] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110825.032\NAVEX15.SYS [2011-8-26 1576312] S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?] 
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-13 41272] S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [2007-7-4 89264] . =============== Created Last 30 ================ . 2011-08-26 05:43:45 0 ---ha-w- c:\documents and settings\robyn davidson\qbgnmtbsph.tmp 2011-08-23 02:06:05 -------- d-sha-r- C:\cmdcons 2011-08-23 02:05:49 -------- d-----w- c:\windows\setupupd 2011-08-23 02:01:09 -------- d-----w- c:\windows\setup.pss 2011-08-23 01:24:16 -------- d-----w- c:\documents and settings\robyn davidson\application data\vmntemplate 2011-08-22 23:13:57 98816 ----a-w- c:\windows\sed.exe 2011-08-22 23:13:57 518144 ----a-w- c:\windows\SWREG.exe 2011-08-22 23:13:57 256000 ----a-w- c:\windows\PEV.exe 2011-08-22 23:13:57 208896 ----a-w- c:\windows\MBR.exe 2011-08-18 00:06:04 -------- d-----w- c:\program files\iPod 2011-08-17 23:58:29 -------- d-----w- c:\program files\Bonjour 2011-08-17 22:43:49 -------- d-----w- C:\_OTM 2011-08-16 23:12:20 -------- d-----w- C:\N360_BACKUP 2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe 2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe 2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll . ==================== Find3M ==================== . 2011-08-11 23:11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 15:26:16.42 ===============
  2. ComboFix 11-08-25.05 - robyn davidson 08/26/2011 1:21.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -4:00] Running from: c:\documents and settings\robyn davidson\My Documents\My Downloads\ComboFix.exe AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc} c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e} c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar c:\documents and settings\anyone else\Application 
Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba} c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf c:\documents and settings\patrick\Application 
Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc} c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e} c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest c:\documents and settings\patrick\Application 
Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba} c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc} c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js c:\documents and settings\robyn davidson\Application 
Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e} c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba} c:\documents and settings\robyn davidson\Application 
Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf c:\documents and settings\robyn davidson\qbgnmtbsph.tmp . . ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 ))))))))))))))))))))))))))))))) . . 2011-08-23 01:24 . 2011-08-23 01:24 -------- d-----w- c:\documents and settings\robyn davidson\Application Data\vmntemplate 2011-08-18 00:06 . 2011-08-18 00:06 -------- d-----w- c:\program files\iPod 2011-08-17 23:58 . 2011-08-17 23:58 -------- d-----w- c:\program files\Bonjour 2011-08-17 23:46 . 2011-08-17 23:46 -------- d-----w- c:\program files\Apple Software Update 2011-08-17 22:43 . 2011-08-17 22:43 -------- d-----w- C:\_OTM 2011-08-17 22:38 . 2011-08-17 22:39 -------- d-----w- c:\program files\ERUNT 2011-08-16 23:12 . 2011-08-16 23:12 -------- d-----w- C:\N360_BACKUP 2011-08-16 02:51 . 2011-08-16 02:50 706560 ----a-w- c:\windows\system32\rdpdd32.exe 2011-08-16 02:51 . 2011-08-16 02:50 706560 ----a-w- c:\windows\system32\sxs32.exe 2011-08-16 02:51 . 2011-08-16 02:51 328704 ----a-w- c:\windows\system32\atikvmag32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-11 23:11 . 2011-06-26 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 15:20 . 
2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-06 23:52 . 2010-02-14 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52 . 2010-02-14 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-05-28 18:22 . 2011-05-28 18:22 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-05-28 18:22 . 2011-05-28 18:22 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-01 02:47 . 2008-08-26 01:11 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-22_23.34.43 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-26 03:37 . 2011-08-26 03:37 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat + 2011-08-26 03:37 . 2011-08-26 03:37 16384 c:\windows\Temp\Perflib_Perfdata_284.dat + 2011-08-26 03:39 . 2011-08-26 03:39 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat + 2007-06-23 03:38 . 2011-08-26 03:37 214755 c:\windows\system32\inetsrv\MetaBase.bin + 2011-08-26 03:39 . 2011-08-26 03:39 262144 c:\windows\ERDNT\AutoBackup\8-25-2011\Users\00000002\UsrClass.dat + 2011-08-26 03:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-25-2011\ERDNT.EXE + 2011-08-26 03:39 . 2011-08-26 03:39 9236480 c:\windows\ERDNT\AutoBackup\8-25-2011\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05E09440-59CD-4A2F-9724-EC650DCA4A81}] 2011-08-16 02:51 328704 ----a-w- c:\windows\system32\atikvmag32.dll . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}] 2011-03-16 11:59 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920] . [HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] . 
c:\documents and settings\robyn davidson\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-11 113664] ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/28/2011 2:21 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/28/2011 2:21 PM 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 8:17 PM 815736] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/28/2011 2:21 PM 136312] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2010 10:42 PM 366640] R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/28/2011 2:21 PM 130008] R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [8/15/2011 10:51 PM 706560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 6:13 PM 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110819.030\IDSXpx86.sys [8/21/2011 8:57 PM 355256] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2010 10:42 PM 22712] S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/13/2010 10:42 PM 41272] S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [7/4/2007 1:41 PM 89264] . Contents of the 'Scheduled Tasks' folder . 2011-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-813497703-2146900839-1003Core.job - c:\documents and settings\robyn davidson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-26 16:16] . 2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-813497703-2146900839-1003UA.job - c:\documents and settings\robyn davidson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-26 16:16] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Java Quick Starter: jqs@sun.com - c:\program 
files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-26 01:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(912) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll . Completion time: 2011-08-26 01:38:12 ComboFix-quarantined-files.txt 2011-08-26 05:37 ComboFix2.txt 2011-08-22 23:49 . Pre-Run: 2,834,919,424 bytes free Post-Run: 2,823,225,344 bytes free . - - End Of File - - 8C180A29BB2B3A3EF38A5E877B7D9F72
  3. Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org
     Database version: 7573
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11
     8/25/2011 11:51:37 PM
     mbam-log-2011-08-25 (23-51-37).txt
     Scan type: Quick scan
     Objects scanned: 186536
     Time elapsed: 8 minute(s), 29 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  4. DDS Text file . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15 Run by robyn davidson at 21:38:49 on 2011-08-22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -4:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\windows\System32\WLTRYSVC.EXE C:\windows\System32\bcmwltry.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\windows\system32\sxs32.exe C:\windows\System32\snmp.exe svchost.exe C:\windows\system32\rdpdd32.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Canon\CAL\CALMAIN.exe C:\windows\system32\dllhost.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & 
Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\ctfmon.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = <local>;*.local BHO: {05e09440-59cd-4a2f-9724-ec650dca4a81} - c:\windows\system32\atikvmag32.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [broadcom Wireless Manager UI] 
c:\windows\system32\WLTRAY.exe mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184275358437 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E0412ADD-FCAC-4E0C-98B9-B34B89AA163B} : DhcpNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\windows\system32\msrepl4032.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\robyn davidson\application data\mozilla\firefox\profiles\uy4h1i8q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn_2011_7_1_3\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\robyn davidson\application data\mozilla\firefox\profiles\uy4h1i8q.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll FF - plugin: c:\documents and settings\robyn davidson\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\robyn davidson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Move Media Player: 
moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: XUL Cache: {7b996a84-fd25-413c-922c-d47fe6172bba} - %profile%\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba} FF - Ext: XUL Cache: {60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} - %profile%\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn_2011_7_1_3 . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-28 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-28 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-28 136312] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-13 366640] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008] R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application 
data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110819.030\IDSXpx86.sys [2011-8-21 355256] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-13 22712] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110822.004\NAVENG.SYS [2011-8-22 86136] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110822.004\NAVEX15.SYS [2011-8-22 1576312] S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-13 41272] S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [2007-7-4 89264] . =============== Created Last 30 ================ . 2011-08-23 01:24:16 -------- d-----w- c:\documents and settings\robyn davidson\application data\vmntemplate 2011-08-23 00:01:47 0 ---ha-w- c:\documents and settings\robyn davidson\qbgnmtbsph.tmp 2011-08-22 23:13:57 98816 ----a-w- c:\windows\sed.exe 2011-08-22 23:13:57 518144 ----a-w- c:\windows\SWREG.exe 2011-08-22 23:13:57 256000 ----a-w- c:\windows\PEV.exe 2011-08-22 23:13:57 208896 ----a-w- c:\windows\MBR.exe 2011-08-18 00:06:04 -------- d-----w- c:\program files\iPod 2011-08-17 23:58:29 -------- d-----w- c:\program files\Bonjour 2011-08-17 22:43:49 -------- d-----w- C:\_OTM 2011-08-16 23:12:20 -------- d-----w- C:\N360_BACKUP 2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe 2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe 2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll . ==================== Find3M ==================== . 
2011-08-11 23:11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-05-28 18:22:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-05-28 18:22:07 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS . ============= FINISH: 21:39:46.60 =============== Attach text file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 6/22/2007 9:51:57 PM System Uptime: 8/22/2011 9:21:26 PM (0 hours ago) . Motherboard: Dell Inc. | | 0XD720 Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 988/133mhz Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 988/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 54 GiB total, 2.891 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP617: 8/17/2011 10:50:05 PM - System Checkpoint RP618: 8/21/2011 9:30:01 PM - Norton 360 Registry Clean . ==== Installed Programs ====================== . 
Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Media Player Adobe Reader 8.1.2 Adobe Shockwave Player AIM 6 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver Audacity 1.2.6 AudioShell 1.3.5 BeatScanner 1.41 Bonjour Broadcom 440x 10/100 Integrated Controller Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder Canon MovieEdit Task for ZoomBrowser EX Canon MP Navigator 3.0 Canon MP160 Canon MP160 User Registration Canon My Printer Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Compatibility Pack for the 2007 Office system Conexant HDA D110 MDC V.92 Modem Dell ResourceCD Dell Wireless WLAN Card Easy-WebPrint EasyZip ERUNT 1.1j Exact Audio Copy 0.95b4 Final Draft 6 Freecorder 5 Freecorder Toolbar GearDrvs GemMaster Mystic GIMP 2.6.11 Google Chrome Google Earth High Definition Audio Driver Package - KB835221 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB908673) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB914642) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) IKEA Home Planner iTunes J2SE Runtime Environment 5.0 Update 11 Java 6 Update 15 Java 6 Update 2 Java 6 Update 5 Java SE Runtime Environment 6 Update 1 Last.fm 1.5.4.27091 LG USB Modem driver LimeWire 4.14.8 
Malwarebytes' Anti-Malware version 1.51.1.1800 Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 mkw Audio Compression Toolkit MobileMe Control Panel Mozilla Firefox (3.6.17) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MusicBrainz Picard 0.7.2 Norton 360 Otto PopCap Browser Plugin PowerDVD 5.7 QuickTime Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data ScanSoft OmniPage SE 4.0 Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for 
Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917537) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926247) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) 
Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939373) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942830) Security Update for Windows XP (KB942831) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Shareaza 2.3.1.0 SigmaTel Audio Skype Toolbars Skype™ 4.2 Sonic Encoders Sonic Foundry Sound Forge 6.0d Sonic Update Manager Sound Blaster ADVANCED MB Drivers Spybot - Search & Destroy Symantec Technical Support Web Controls tagtraum industries beaTunes 1.2.1 Unity Web Player Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for 
Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update Rollup 2 for Windows XP Media Center Edition 2005 Viewpoint Media Player WebFldrs XP WIDCOMM Bluetooth Software Winamp (remove only) Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format Runtime Windows Media Player Firefox Plugin Windows XP Hotfix - KB839210 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Media Center Edition 2005 KB908250 Windows XP Service Pack 3 XPMedic Xvid 1.1.3 final uninstall . ==== Event Viewer Messages From Past Week ======== . 8/22/2011 9:23:53 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa246. 8/21/2011 8:42:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service. 8/21/2011 8:34:56 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0016CF20913F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). 8/21/2011 10:25:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. 
8/17/2011 7:02:06 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 7:02:06 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:53 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:52 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 8/17/2011 6:43:52 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program. 8/17/2011 6:43:51 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). 8/17/2011 6:43:51 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. 
It has done this 1 time(s). 8/17/2011 6:43:51 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/17/2011 6:43:51 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/17/2011 6:43:50 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s). 8/16/2011 9:47:49 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified. 8/16/2011 9:30:22 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 6 time(s). 8/16/2011 7:36:42 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 5 time(s). 8/16/2011 7:14:46 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 4 time(s). 8/16/2011 7:03:27 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 3 time(s). 8/16/2011 7:02:55 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 2 time(s). 8/16/2011 7:02:46 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 1 time(s). 8/15/2011 6:52:27 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. 
The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/15/2011 6:48:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 0016CF20913F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
  5. Good evening! For about a week I've been getting some (not all) of my Google search results redirected to random other search sites, as well as pop-ups from Malwarebytes that outbound connections have been blocked from different sites - one being 91.217.153.48 (if that matters). Also, Norton keeps notifying me that msrepl4032.dll (Trojan Horse) was detected by Auto-Protect - a file which I can't actually locate on the machine. Malwarebytes log is below. DDS log follows.
     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org
     Database version: 7539
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11
     8/22/2011 9:36:30 PM
     mbam-log-2011-08-22 (21-36-30).txt
     Scan type: Quick scan
     Objects scanned: 185605
     Time elapsed: 5 minute(s), 54 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)