Jump to content

Malwarebytes will not detect and remove two viruses


Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:40:06 PM, on 8/19/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\aol radio toolbar\aolradiotbServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marketwatch.com/?siteid=&av...n&dist=ctmw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.8.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-24-0.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142877182979

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144922415828

O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} - http://www.investors.com/member/ocx/plotwon.ocx

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9f608d16768da) (gupdate1c9f608d16768da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 16954 bytes

Malwarebytes' Anti-Malware 1.40

Database version: 2610

Windows 5.1.2600 Service Pack 3

8/17/2009 6:40:18 PM

mbam-log-2009-08-17 (18-40-18).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)

Objects scanned: 435437

Time elapsed: 1 hour(s), 37 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi rbdbadab and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Where are these trojans being detected and what are they detected as? What program is reporting them??

-screen317

Update to MBAM done. Here is the log. Norton 360 is reporting the viruses. I am not sure how to determine where the trojans are being detected, I assume on the C/ drive. Not sure what you mean " detected as". Norton says the viruses can not be removed with the program. When I go to a live person of course they want money to do anything. I purchased Malwarebyte and the first scan seem to locate and fix many issues. Now it does not detect anything malicious. Currently my Google searches are being redirected.

Malwarebytes' Anti-Malware 1.40

Database version: 2663

Windows 5.1.2600 Service Pack 3

8/20/2009 7:46:39 AM

mbam-log-2009-08-20 (07-46-39).txt

Scan type: Quick Scan

Objects scanned: 108622

Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Okay thank you for the information.

Update to MBAM done. Here is the log. Norton 360 is reporting the viruses. I am not sure how to determine where the trojans are being detected, I assume on the C/ drive. Not sure what you mean " detected as". Norton says the viruses can not be removed with the program. When I go to a live person of course they want money to do anything. I purchased Malwarebyte and the first scan seem to locate and fix many issues. Now it does not detect anything malicious. Currently my Google searches are being redirected.
Do you pay for Norton 360? I can recommend far better antivirus programs that are free if you would like to stop using Norton. We appreciate that you purchased MBAM. <_<

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Okay thank you for the information.

Do you pay for Norton 360? I can recommend far better antivirus programs that are free if you would like to stop using Norton. We appreciate that you purchased MBAM. <_<

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

ComboFix 09-08-19.0C - media user 08/20/2009 16:24.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1606 [GMT -5:00]

Running from: c:\documents and settings\media user\Desktop\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\-2133644063

c:\documents and settings\media user\Application Data\inst.exe

c:\recycler\NPROTECT

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\COUPON~1.OCX

c:\windows\CouponPrinter.ocx

c:\windows\Installer\1354ea.msi

c:\windows\Installer\eaeab9.msp

c:\windows\system32\_004915_.tmp.dll

c:\windows\system32\_004916_.tmp.dll

c:\windows\system32\_004917_.tmp.dll

c:\windows\system32\_004918_.tmp.dll

c:\windows\system32\_004925_.tmp.dll

c:\windows\system32\_004926_.tmp.dll

c:\windows\system32\_004927_.tmp.dll

c:\windows\system32\_004929_.tmp.dll

c:\windows\system32\_004930_.tmp.dll

c:\windows\system32\_004933_.tmp.dll

c:\windows\system32\_004934_.tmp.dll

c:\windows\system32\_004936_.tmp.dll

c:\windows\system32\_004937_.tmp.dll

c:\windows\system32\_004938_.tmp.dll

c:\windows\system32\_004940_.tmp.dll

c:\windows\system32\_004943_.tmp.dll

c:\windows\system32\_004944_.tmp.dll

c:\windows\system32\_004945_.tmp.dll

c:\windows\system32\_004946_.tmp.dll

c:\windows\system32\_004947_.tmp.dll

c:\windows\system32\_004948_.tmp.dll

c:\windows\system32\_004949_.tmp.dll

c:\windows\system32\_004950_.tmp.dll

c:\windows\system32\_004951_.tmp.dll

c:\windows\system32\_004954_.tmp.dll

c:\windows\system32\_004955_.tmp.dll

c:\windows\system32\_004956_.tmp.dll

c:\windows\system32\_004957_.tmp.dll

c:\windows\system32\_004958_.tmp.dll

c:\windows\system32\_004959_.tmp.dll

c:\windows\system32\_004960_.tmp.dll

c:\windows\system32\_004961_.tmp.dll

c:\windows\system32\_004962_.tmp.dll

c:\windows\system32\_004963_.tmp.dll

c:\windows\system32\_004964_.tmp.dll

c:\windows\system32\_004965_.tmp.dll

c:\windows\system32\_004966_.tmp.dll

c:\windows\system32\_004967_.tmp.dll

c:\windows\system32\_004968_.tmp.dll

c:\windows\system32\_004969_.tmp.dll

c:\windows\system32\_004970_.tmp.dll

c:\windows\system32\_004971_.tmp.dll

c:\windows\system32\_004972_.tmp.dll

c:\windows\system32\_004973_.tmp.dll

c:\windows\system32\_004974_.tmp.dll

c:\windows\system32\_004975_.tmp.dll

c:\windows\system32\_004976_.tmp.dll

c:\windows\system32\_004977_.tmp.dll

c:\windows\system32\_004978_.tmp.dll

c:\windows\system32\_004979_.tmp.dll

c:\windows\system32\_004980_.tmp.dll

c:\windows\system32\_004981_.tmp.dll

c:\windows\system32\_004982_.tmp.dll

c:\windows\system32\_004983_.tmp.dll

c:\windows\system32\_004984_.tmp.dll

c:\windows\system32\_004986_.tmp.dll

c:\windows\system32\_004988_.tmp.dll

c:\windows\system32\_004989_.tmp.dll

c:\windows\system32\_004990_.tmp.dll

c:\windows\system32\_004991_.tmp.dll

c:\windows\system32\_004992_.tmp.dll

c:\windows\system32\_004994_.tmp.dll

c:\windows\system32\_004995_.tmp.dll

c:\windows\system32\_004996_.tmp.dll

c:\windows\system32\_004997_.tmp.dll

c:\windows\system32\_004998_.tmp.dll

c:\windows\system32\_005000_.tmp.dll

c:\windows\system32\_005002_.tmp.dll

c:\windows\system32\_005003_.tmp.dll

c:\windows\system32\_005004_.tmp.dll

c:\windows\system32\_005005_.tmp.dll

c:\windows\system32\_005006_.tmp.dll

c:\windows\system32\_005007_.tmp.dll

c:\windows\system32\_005008_.tmp.dll

c:\windows\system32\_005009_.tmp.dll

c:\windows\system32\_005010_.tmp.dll

c:\windows\system32\_005011_.tmp.dll

c:\windows\system32\_005012_.tmp.dll

c:\windows\system32\_005014_.tmp.dll

c:\windows\system32\_005015_.tmp.dll

c:\windows\system32\_005016_.tmp.dll

c:\windows\system32\_005017_.tmp.dll

c:\windows\system32\_005018_.tmp.dll

c:\windows\system32\_005019_.tmp.dll

c:\windows\system32\_005020_.tmp.dll

c:\windows\system32\_005021_.tmp.dll

c:\windows\system32\_005022_.tmp.dll

c:\windows\system32\_005023_.tmp.dll

c:\windows\system32\_005024_.tmp.dll

c:\windows\system32\_005025_.tmp.dll

c:\windows\system32\_005027_.tmp.dll

c:\windows\system32\_005028_.tmp.dll

c:\windows\system32\_005029_.tmp.dll

c:\windows\system32\_005030_.tmp.dll

c:\windows\system32\_005032_.tmp.dll

c:\windows\system32\_005034_.tmp.dll

c:\windows\system32\_005035_.tmp.dll

c:\windows\system32\_005036_.tmp.dll

c:\windows\system32\_005037_.tmp.dll

c:\windows\system32\_005038_.tmp.dll

c:\windows\system32\_005039_.tmp.dll

c:\windows\system32\_005040_.tmp.dll

c:\windows\system32\_005042_.tmp.dll

c:\windows\system32\_005043_.tmp.dll

c:\windows\system32\_005044_.tmp.dll

c:\windows\system32\_005045_.tmp.dll

c:\windows\system32\_005046_.tmp.dll

c:\windows\system32\_005047_.tmp.dll

c:\windows\system32\_005048_.tmp.dll

c:\windows\system32\_005049_.tmp.dll

c:\windows\system32\_005051_.tmp.dll

c:\windows\system32\_005052_.tmp.dll

c:\windows\system32\_005054_.tmp.dll

c:\windows\system32\_005055_.tmp.dll

c:\windows\system32\_005057_.tmp.dll

c:\windows\system32\_005058_.tmp.dll

c:\windows\system32\_005062_.tmp.dll

c:\windows\system32\_005063_.tmp.dll

c:\windows\system32\_005065_.tmp.dll

c:\windows\system32\_005068_.tmp.dll

c:\windows\system32\_005070_.tmp.dll

c:\windows\system32\_005071_.tmp.dll

c:\windows\system32\_005072_.tmp.dll

c:\windows\system32\_005073_.tmp.dll

c:\windows\system32\_005076_.tmp.dll

c:\windows\system32\_005077_.tmp.dll

c:\windows\system32\_005078_.tmp.dll

c:\windows\system32\_005079_.tmp.dll

c:\windows\system32\_005080_.tmp.dll

c:\windows\system32\_005085_.tmp.dll

c:\windows\system32\_005087_.tmp.dll

c:\windows\system32\_005088_.tmp.dll

c:\windows\system32\drivers\gxvxcnelamxejyptlisjmwxwiyloappvudneo.sys

c:\windows\system32\drivers\gxvxcohbmlidwkmrdftujyrobrrpiisvqwbwa.sys

c:\windows\system32\drivers\gxvxcqmoougextfhlrionukjitaorjunrdwky.sys

c:\windows\system32\gxvxccount

c:\windows\system32\gxvxckdnlrlmetvasoklonaatxprgpqitfkcv.dll

c:\windows\system32\gxvxcpysxjdpaowmeksxugeaealdboypxdhxr.dll

c:\windows\system32\SET464.tmp

c:\windows\system32\SET4E4.tmp

c:\windows\system32\SET673.tmp

c:\windows\system32\SET6D6.tmp

c:\windows\system32\SET7AB.tmp

c:\windows\system32\SET8C8.tmp

H:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_gxvxcserv.sys

-------\Legacy_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

2009-08-19 19:39 . 2009-08-19 19:39 -------- d-----w- c:\program files\Trend Micro

2009-08-16 17:21 . 2009-08-19 18:15 -------- d-----w- C:\NSS

2009-08-16 17:18 . 2009-08-16 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE

2009-08-16 17:18 . 2009-08-16 17:18 -------- d-----w- c:\program files\WinZip Self-Extractor

2009-08-16 17:13 . 2009-08-16 17:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help

2009-08-16 15:19 . 2009-08-16 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-13 00:02 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-09 21:36 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-09 21:36 . 2009-08-12 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-09 21:36 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-06 11:12 . 2009-08-09 20:43 -------- d-----w- c:\program files\Carbonite

2009-08-06 11:10 . 2009-08-06 11:10 152576 ----a-w- c:\documents and settings\media user\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 21:43 . 2006-03-25 21:47 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-13 01:57 . 2008-06-26 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-09 20:40 . 2008-08-04 18:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-06 11:12 . 2006-06-13 11:41 -------- d-----w- c:\program files\Java

2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 01:15 . 2009-02-17 17:09 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-25 10:23 . 2008-11-25 13:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-03-20 17:08 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-12 12:34 . 2006-03-21 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC

2009-07-04 15:40 . 2009-07-04 15:40 -------- d-----w- c:\program files\SEC

2009-07-04 15:40 . 2006-03-20 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-28 14:55 . 2008-06-17 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation

2009-06-28 14:54 . 2006-07-15 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-28 14:53 . 2006-03-25 16:14 -------- d-----w- c:\program files\Common Files\Real

2009-06-28 14:50 . 2006-07-15 14:03 -------- d-----w- c:\program files\QuickTime

2009-06-28 14:48 . 2007-05-13 12:11 -------- d-----w- c:\program files\PlayLinc

2009-06-27 22:50 . 2009-02-17 17:08 -------- d-----w- c:\program files\Windows Desktop Search

2009-06-26 11:08 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-06-26 11:08 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe

2009-06-26 02:49 . 2006-04-03 23:04 -------- d-----w- c:\program files\Google

2009-06-26 02:48 . 2009-06-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-06-26 02:04 . 2009-06-26 02:04 -------- d-----w- c:\program files\Enigma Software Group

2009-06-25 08:25 . 2008-08-05 14:16 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2008-08-05 14:16 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2008-08-05 14:16 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:25 . 2001-08-23 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2001-08-23 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2008-08-05 14:16 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:51 . 2009-06-15 10:51 152576 ----a-w- c:\documents and settings\media user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-12 12:31 . 2001-08-23 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2001-08-23 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2006-03-20 15:46 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2001-08-23 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2008-08-05 14:16 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-07 13:30 . 2008-01-27 00:33 47360 ----a-w- c:\documents and settings\media user\Application Data\pcouffin.sys

2009-06-07 13:30 . 2008-01-27 00:33 47360 ----a-w- c:\documents and settings\media user\Application Data\pcouffin.sys

2009-06-03 19:09 . 2001-08-23 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Color Calibration.lnk - c:\program files\SEC\MagicTune 2.5\GammaTray.exe [2009-7-4 36864]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-29 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-29 805392]

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-2-17 884795]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ouxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2bhxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3afxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nsxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5sxxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6mrxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7gmxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VerizonServicepoint.exe"=c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe

"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"ASUS Probe"=c:\program files\ASUS\Probe\AsusProb.exe

"CTHelper"=CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/12/2006 12:56 PM 116264]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]

R2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [8/5/2007 2:39 PM 7787]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/9/2009 4:36 PM 232720]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [12/31/2001 11:08 PM 17149]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 1:50 PM 101936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/9/2009 4:36 PM 19096]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2/17/2009 8:23 AM 384608]

S0 ati0ouxx;ati0ouxx;c:\windows\system32\Drivers\ati0ouxx.sys --> c:\windows\system32\Drivers\ati0ouxx.sys [?]

S0 ati2bhxx;ati2bhxx;c:\windows\system32\Drivers\ati2bhxx.sys --> c:\windows\system32\Drivers\ati2bhxx.sys [?]

S0 ati3afxx;ati3afxx;c:\windows\system32\Drivers\ati3afxx.sys --> c:\windows\system32\Drivers\ati3afxx.sys [?]

S0 ati4tyxx;ati4tyxx;c:\windows\system32\Drivers\ati4tyxx.sys --> c:\windows\system32\Drivers\ati4tyxx.sys [?]

S0 ati5nsxx;ati5nsxx;c:\windows\system32\Drivers\ati5nsxx.sys --> c:\windows\system32\Drivers\ati5nsxx.sys [?]

S0 ati5sxxx;ati5sxxx;c:\windows\system32\Drivers\ati5sxxx.sys --> c:\windows\system32\Drivers\ati5sxxx.sys [?]

S0 ati6mrxx;ati6mrxx;c:\windows\system32\Drivers\ati6mrxx.sys --> c:\windows\system32\Drivers\ati6mrxx.sys [?]

S0 ati7gmxx;ati7gmxx;c:\windows\system32\Drivers\ati7gmxx.sys --> c:\windows\system32\Drivers\ati7gmxx.sys [?]

S2 gupdate1c9f608d16768da;Google Update Service (gupdate1c9f608d16768da);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 9:50 PM 133104]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/22/2003 3:27 PM 344800]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/25/2006 6:57 PM 29744]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [12/23/2007 9:49 AM 14095]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-08-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-14 02:47]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 02:49]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 02:49]

2009-08-20 c:\windows\Tasks\User_Feed_Synchronization-{E690E9BB-0350-41B0-AEF7-F0E5CA9D96B4}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.marketwatch.com/?siteid=&avatar=seen&dist=ctmw

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 16:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1760)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\searchindexer.exe

c:\program files\Lexmark X74-X75\lxbbbmon.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\windows\system32\searchprotocolhost.exe

c:\windows\system32\searchfilterhost.exe

.

**************************************************************************

.

Completion time: 2009-08-20 16:52 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-20 21:52

Pre-Run: 76,836,466,688 bytes free

Post-Run: 76,707,332,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

450 --- E O F --- 2009-08-17 01:15

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:55:34 PM, on 8/20/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marketwatch.com/?siteid=&av...n&dist=ctmw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.8.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-24-0.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142877182979

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144922415828

O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} - http://www.investors.com/member/ocx/plotwon.ocx

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9f608d16768da) (gupdate1c9f608d16768da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 16606 bytes

Link to post
Share on other sites

  • Staff

Hi,

Please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

ati0ouxx

ati2bhxx

ati3afxx

ati4tyxx

ati5nsxx

ati5sxxx

ati6mrxx

ati7gmxx

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ouxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2bhxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3afxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4tyxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nsxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5sxxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6mrxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7gmxx.sys]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

After that, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now.

-screen317

Link to post
Share on other sites

Hi,

Please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

After that, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now.

-screen317

ComboFix 09-08-20.07 - media user 08/21/2009 16:08.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1387 [GMT -5:00]

Running from: c:\documents and settings\media user\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\media user\Desktop\CFScript.txt

AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\wpd99.drv

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ati0ouxx

-------\Service_ati2bhxx

-------\Service_ati3afxx

-------\Service_ati4tyxx

-------\Service_ati5nsxx

-------\Service_ati5sxxx

-------\Service_ati6mrxx

-------\Service_ati7gmxx

((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))

.

2009-08-19 19:39 . 2009-08-19 19:39 -------- d-----w- c:\program files\Trend Micro

2009-08-16 17:21 . 2009-08-19 18:15 -------- d-----w- C:\NSS

2009-08-16 17:18 . 2009-08-16 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZipSE

2009-08-16 17:18 . 2009-08-16 17:18 -------- d-----w- c:\program files\WinZip Self-Extractor

2009-08-16 17:13 . 2009-08-16 17:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help

2009-08-16 15:19 . 2009-08-16 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-13 00:02 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-09 21:36 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-09 21:36 . 2009-08-12 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-09 21:36 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-06 11:12 . 2009-08-09 20:43 -------- d-----w- c:\program files\Carbonite

2009-08-06 11:10 . 2009-08-06 11:10 152576 ----a-w- c:\documents and settings\media user\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-21 21:25 . 2006-03-25 21:47 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-13 01:57 . 2008-06-26 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-09 20:40 . 2008-08-04 18:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-06 11:12 . 2006-06-13 11:41 -------- d-----w- c:\program files\Java

2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 01:15 . 2009-02-17 17:09 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-25 10:23 . 2008-11-25 13:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-03-20 17:08 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-12 12:34 . 2006-03-21 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC

2009-07-04 15:40 . 2009-07-04 15:40 -------- d-----w- c:\program files\SEC

2009-07-04 15:40 . 2006-03-20 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-28 14:55 . 2008-06-17 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation

2009-06-28 14:54 . 2006-07-15 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-28 14:53 . 2006-03-25 16:14 -------- d-----w- c:\program files\Common Files\Real

2009-06-28 14:50 . 2006-07-15 14:03 -------- d-----w- c:\program files\QuickTime

2009-06-28 14:48 . 2007-05-13 12:11 -------- d-----w- c:\program files\PlayLinc

2009-06-27 22:50 . 2009-02-17 17:08 -------- d-----w- c:\program files\Windows Desktop Search

2009-06-26 11:08 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-06-26 11:08 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-06-26 02:52 . 2009-06-26 02:52 25214 ----a-r- c:\documents and settings\media user\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe

2009-06-26 02:49 . 2006-04-03 23:04 -------- d-----w- c:\program files\Google

2009-06-26 02:48 . 2009-06-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-06-26 02:04 . 2009-06-26 02:04 -------- d-----w- c:\program files\Enigma Software Group

2009-06-25 08:25 . 2008-08-05 14:16 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2008-08-05 14:16 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2008-08-05 14:16 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:25 . 2001-08-23 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2001-08-23 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2008-08-05 14:16 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:51 . 2009-06-15 10:51 152576 ----a-w- c:\documents and settings\media user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-12 12:31 . 2001-08-23 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2001-08-23 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2006-03-20 15:46 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2001-08-23 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2008-08-05 14:16 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-07 13:30 . 2008-01-27 00:33 47360 ----a-w- c:\documents and settings\media user\Application Data\pcouffin.sys

2009-06-07 13:30 . 2008-01-27 00:33 47360 ----a-w- c:\documents and settings\media user\Application Data\pcouffin.sys

2009-06-03 19:09 . 2001-08-23 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll

.

------- Sigcheck -------

[7] 2004-08-04 05:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys

c:\windows\system32\drivers\ip6fw.sys ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_21.41.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-21 21:23 . 2009-08-21 21:23 40960 c:\windows\Temp\rtdrvmon.exe

- 2009-08-20 21:39 . 2009-08-20 21:39 40960 c:\windows\Temp\rtdrvmon.exe

+ 2009-08-21 21:23 . 2009-08-21 21:23 16384 c:\windows\Temp\Perflib_Perfdata_ac0.dat

+ 2009-08-21 21:22 . 2009-08-21 21:22 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat

+ 2009-08-21 12:11 . 2009-08-21 12:11 16384 c:\windows\Temp\Perflib_Perfdata_788.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Color Calibration.lnk - c:\program files\SEC\MagicTune 2.5\GammaTray.exe [2009-7-4 36864]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-29 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-29 805392]

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-2-17 884795]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VerizonServicepoint.exe"=c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe

"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"ASUS Probe"=c:\program files\ASUS\Probe\AsusProb.exe

"CTHelper"=CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/12/2006 12:56 PM 116264]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]

R2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [8/5/2007 2:39 PM 7787]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/9/2009 4:36 PM 232720]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [12/31/2001 11:08 PM 17149]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 1:50 PM 101936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/9/2009 4:36 PM 19096]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2/17/2009 8:23 AM 384608]

S2 gupdate1c9f608d16768da;Google Update Service (gupdate1c9f608d16768da);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2009 9:50 PM 133104]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/22/2003 3:27 PM 344800]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/25/2006 6:57 PM 29744]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [12/23/2007 9:49 AM 14095]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-08-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-14 02:47]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 02:49]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 02:49]

2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{E690E9BB-0350-41B0-AEF7-F0E5CA9D96B4}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.marketwatch.com/?siteid=&avatar=seen&dist=ctmw

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-21 16:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1384)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\searchindexer.exe

c:\program files\Lexmark X74-X75\lxbbbmon.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2009-08-21 16:34 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-21 21:34

ComboFix2.txt 2009-08-20 21:52

Pre-Run: 76,608,290,816 bytes free

Post-Run: 76,671,946,752 bytes free

282 --- E O F --- 2009-08-17 01:15

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:35:47 PM, on 8/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marketwatch.com/?siteid=&av...n&dist=ctmw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.8.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-24-0.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142877182979

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144922415828

O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} - http://www.investors.com/member/ocx/plotwon.ocx

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9f608d16768da) (gupdate1c9f608d16768da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 16158 bytes

I am doing the last steps now. I will post results.

Link to post
Share on other sites

Scanning Report

Friday, August 21, 2009 16:54:03 - 21:09:21

Computer name: BRUCKBAUER

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\ H:\

--------------------------------------------------------------------------------

24 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Adinterax (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Statcounter (spyware)

System (Disinfected)

TrackingCookie.Emediate (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

Trojan-Downloader:W32/Fakevimes.gen!A (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E57448A-894E-4385-A5D5-871A752A34ED}\RP0\A0000001.DLL (Renamed & Submitted)

Trojan-Downloader:W32/Fakevimes.gen!A (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E57448A-894E-4385-A5D5-871A752A34ED}\RP0\A0000003.DLL (Renamed & Submitted)

Trojan.Script.104915 (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\16210057.HTM (Renamed & Submitted)

Generic.XPL.ADODB.7027F9F6 (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\509F7B5D.HTM (Renamed & Submitted)

Exploit.HTML.Agent.AO (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\50A22559.HTM (Renamed & Submitted)

Exploit.Win32.WMF-PFV (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\50AC234E.WMF (Renamed & Submitted)

Generic.XPL.ADODB.7027F9F6 (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\51562A93.HTM (Renamed & Submitted)

Exploit.HTML.Agent.AO (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\51595490.HTM (Renamed & Submitted)

Exploit.Win32.WMF-PFV (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\515C7E8C.WMF (Renamed & Submitted)

Trojan.JS.Obsq.C (virus)

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\74054E96.HTM (Renamed & Submitted)

Trojan.SWF.Downloader.Gen (virus)

C:\DOCUMENTS AND SETTINGS\MEDIA USER\MY DOCUMENTS\DARLENE DOCUMENTS\ROGER BRUCKBAUER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WEL1YT0L\IMM728MM[1].SWF (Renamed & Submitted)

Trojan.SWF.Downloader.Gen (virus)

C:\DOCUMENTS AND SETTINGS\MEDIA USER\MY DOCUMENTS\DARLENE DOCUMENTS\ROGER BRUCKBAUER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MGH91BJH\IMM728MM[1].SWF (Renamed & Submitted)

Trojan.SWF.Downloader.Gen (virus)

C:\DOCUMENTS AND SETTINGS\MEDIA USER\MY DOCUMENTS\DARLENE DOCUMENTS\ROGER BRUCKBAUER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2L9FBQY2\IMM728MM[1].SWF (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 132721

System: 6667

Not scanned: 10

Actions:

Disinfected: 11

Renamed: 13

Deleted: 0

Not cleaned: 0

Submitted: 13

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LFS201OO\RICHI[1].EXE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\780UTMMJ\K1113[1].EXE

C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Copyright

Link to post
Share on other sites

  • Staff

Do uninstall Norton 360 before installing the new antivirus. Having more than one will cause them to conflict with one another and reduce their effectiveness.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Kerio

Comodo

Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.