
google redirection to plexfind.com



Had a virus infection which was cleaned by Malwarebytes software. Now run Malwarebytes software and Symantec, both are clean but something is wrong. Google redirects to other web-sites, e.g. plexfind.com.

In addition a couple of other things don't work. Remote Desktop Connection does not function anymore (does nothing after clicking it).

Any ideas?


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Reply:

I should also add that I have issues with the keyboard, sometimes more, sometimes less. Mostly with capitalization, but also order of characters. Tried a different keyboard and a different USB board, no change. Might be completely unrelated, though.

Updated MBAM and ran, still clean:

Malwarebytes' Anti-Malware 1.44

Database version: 3620

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

1/23/2010 9:29:57 AM

mbam-log-2010-01-23 (09-29-57).txt

Scan type: Quick Scan

Objects scanned: 161088

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86

Run by gxh at 9:30:30.53 on Sat 01/23/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2567 [GMT -8:00]

AV: Live PC Care *On-access scanning enabled* (Updated) {04A8777D-EF6D-4ACD-9861-47843A999B7E}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Live PC Care *enabled* {C941A628-ED4F-4EDB-AC6D-F7805CFDFED9}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost -k DcomLaunch

svchost.exe

C:\WINNT\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINNT\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\CCM\SMSCliUI.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\WINNT\system32\WDBtnMgr.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\gxh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\winnt\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya one-x communicator\AvayaIEHelper.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"

mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"

mRun: [DLBUCATS] rundll32 c:\winnt\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser hd edition\MBCameraMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\winnt\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237491250312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238002861267

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ilc.webex.com/client/T26L/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\winnt\system32\NavLogon.dll

Notify: polsumgr - sdmngr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

IFEO: image file execution options - svchost.exe

IFEO: brastk.exe - svchost.exe

IFEO: mstsc.exe - svchost.exe

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gxh\applic~1\mozilla\firefox\profiles\3ltmo7p5.default\

FF - plugin: c:\documents and settings\gxh\application data\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [2009-3-20 24064]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-3-25 2054680]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [2009-3-19 144992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100114.008\naveng.sys [2010-1-14 84912]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100114.008\navex15.sys [2010-1-14 1323568]

S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]

S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-01-20 21:24:50 221184 ----a-w- c:\winnt\system32\wmpns.dll

2010-01-20 21:11:33 79872 -c----w- c:\winnt\system32\dllcache\msxml6r.dll

2010-01-20 21:11:32 102912 -c----w- c:\winnt\system32\dllcache\dpcdll.dll

2010-01-20 21:11:11 19569 ----a-w- c:\winnt\000001_.tmp

2010-01-20 20:51:03 1033728 -c--a-w- c:\winnt\system32\dllcache\lhmstsc.exe

2010-01-20 20:51:03 1033728 ----a-w- c:\winnt\system32\mstsc.exe

2010-01-15 18:37:32 0 d-----w- c:\docume~1\gxh\applic~1\Malwarebytes

2010-01-15 18:37:29 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-01-15 18:37:28 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-01-15 18:37:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 18:37:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-15 01:28:37 0 d-sh--w- c:\docume~1\alluse~1\applic~1\LPKUJXARNCG

2010-01-15 01:28:16 0 d-sh--w- c:\docume~1\alluse~1\applic~1\old-bdec4f7

2010-01-13 15:23:13 471552 -c----w- c:\winnt\system32\dllcache\aclayers.dll

2010-01-13 15:22:21 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll

2010-01-13 15:21:44 1172480 -c----w- c:\winnt\system32\dllcache\msxml3.dll

2010-01-13 15:21:20 512000 -c----w- c:\winnt\system32\dllcache\jscript.dll

2010-01-13 15:18:38 274288 ----a-w- c:\winnt\system32\mucltui.dll

2010-01-13 15:18:38 16736 ----a-w- c:\winnt\system32\mucltui.dll.mui

2010-01-10 01:36:32 73728 ----a-w- c:\winnt\system32\javacpl.cpl

2010-01-10 01:36:32 411368 ----a-w- c:\winnt\system32\deploytk.dll

2010-01-06 05:18:13 0 d-----w- c:\program files\iPod

2010-01-06 05:18:10 0 d-----w- c:\program files\iTunes

2010-01-05 10:00:24 192512 -c----w- c:\winnt\system32\dllcache\iepeers.dll

2009-12-25 03:01:16 7680 --sha-w- c:\winnt\Thumbs.db

==================== Find3M ====================

2010-01-05 10:00:29 832512 ----a-w- c:\winnt\system32\wininet.dll

2010-01-05 10:00:21 78336 ----a-w- c:\winnt\system32\ieencode.dll

2010-01-05 10:00:20 17408 ----a-w- c:\winnt\system32\corpol.dll

============= FINISH: 9:30:36.09 ===============

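Two parts of the DDS "Pseudo HJT Report" above are worth reading against the symptoms in the first post: the `IFEO:` lines, where an Image File Execution Options "Debugger" value makes Windows start the listed binary instead of the named program (here mstsc.exe, the Remote Desktop client, is pointed at svchost.exe), and the `Hosts:` lines, where several unrelated domains are pinned to one non-loopback address. The script below is an added example, not code from this thread, from Malwarebytes or from the DDS tool: it parses lines in the `IFEO:` and `Hosts:` shape DDS prints and flags those two indicators. The sample text is constructed from the log lines above plus one benign localhost entry, and the function names and the small list of Windows binaries treated as high severity are the example's own assumptions.

```python
"""Added example: triage IFEO and HOSTS lines from a DDS log.

Not from the forum thread, Malwarebytes or DDS; it only understands the
line shapes shown in the thread ("IFEO: <image> - <debugger>" and
"Hosts: <ip> <hostname>").
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log in the thread plus one
# benign loopback entry so the filter has something legitimate to ignore.
SAMPLE_DDS = """\
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: mstsc.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 127.0.0.1 localhost
uStart Page = hxxp://www.google.com/
"""

IFEO_RE = re.compile(r"^IFEO:\s*(?P<image>.+?)\s+-\s+(?P<debugger>\S.*?)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)\s*$")

# Assumed list: built-in tools that never need a Debugger value pointing at
# another executable, so a redirect on them is rated "high".
SYSTEM_IMAGES = {"mstsc.exe", "taskmgr.exe", "regedit.exe", "cmd.exe", "explorer.exe"}
# Addresses that a HOSTS file legitimately maps names to (blocking, localhost).
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_dds(text):
    """Return ([(image, debugger), ...], [(ip, hostname), ...]) from DDS text."""
    ifeo, hosts = [], []
    for line in text.splitlines():
        m = IFEO_RE.match(line)
        if m:
            ifeo.append((m["image"], m["debugger"]))
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m["ip"], m["host"]))
    return ifeo, hosts


def find_ifeo_hijacks(ifeo):
    """Flag every IFEO entry whose Debugger is a different binary.

    Windows launches the Debugger value in place of the named image, so
    'mstsc.exe -> svchost.exe' means clicking Remote Desktop runs svchost
    instead, matching the 'does nothing after clicking it' symptom.
    """
    findings = []
    for image, debugger in ifeo:
        if debugger.lower() == image.lower():
            continue
        severity = "high" if image.lower() in SYSTEM_IMAGES else "medium"
        findings.append({"image": image, "debugger": debugger, "severity": severity})
    return findings


def find_hosts_overrides(hosts):
    """Group HOSTS names by target address, ignoring loopback/blackhole IPs.

    Many unrelated names resolving to one live address is the redirect
    pattern visible in the thread's log.
    """
    by_ip = defaultdict(list)
    for ip, host in hosts:
        if ip in LOOPBACK:
            continue
        by_ip[ip].append(host)
    return dict(by_ip)


def triage(text):
    """Run both checks over raw DDS text and return the findings."""
    ifeo, hosts = parse_dds(text)
    return {
        "ifeo_hijacks": find_ifeo_hijacks(ifeo),
        "hosts_overrides": find_hosts_overrides(hosts),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for f in report["ifeo_hijacks"]:
        print(f"[{f['severity']}] IFEO: {f['image']} is replaced by {f['debugger']}")
    for ip, names in report["hosts_overrides"].items():
        print(f"[hosts] {len(names)} name(s) pinned to {ip}: {', '.join(names)}")
```

Feed it a whole DDS.txt (`triage(open("DDS.txt").read())`) and the unrelated lines are simply skipped; the remediation itself (deleting the IFEO keys and restoring the HOSTS file) is what the helper's tools do, so the script only reports.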

When starting ComboFix it complained about Symantec AntiVirus and PC Live running, but when going to Services Symantec was stopped and I could not find anything for PC Live. So I ran it anyway. When it rebooted a window popped up with a Visual C++ runtime library runtime error: program RTVscan.exe. So for some reason Symantec seems to be disabled.

ComboFix 10-01-23.02 - gxh 01/23/2010 12:09:03.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2576 [GMT -8:00]

Running from: c:\documents and settings\gxh\Desktop\ComboFix.exe

AV: Live PC Care *On-access scanning enabled* (Updated) {04A8777D-EF6D-4ACD-9861-47843A999B7E}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Live PC Care *enabled* {C941A628-ED4F-4EDB-AC6D-F7805CFDFED9}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\gxh\My Documents\regfile9-26-09.reg

c:\recycler\S-1-5-21-1220945662-1450960922-839522115-500

----- BITS: Possible infected sites -----

hxxp://sccm01.win.slac.stanford.edu:80

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))

.

2010-01-22 19:59 . 2010-01-22 19:59 0 ----a-w- c:\winnt\nsreg.dat

2010-01-22 19:59 . 2010-01-22 19:59 -------- d-----w- c:\documents and settings\gxh\Local Settings\Application Data\Mozilla

2010-01-20 21:24 . 2008-04-14 13:42 221184 ----a-w- c:\winnt\system32\wmpns.dll

2010-01-20 21:11 . 2008-04-14 06:57 79872 -c----w- c:\winnt\system32\dllcache\msxml6r.dll

2010-01-20 21:11 . 2008-04-14 13:40 102912 -c----w- c:\winnt\system32\dllcache\dpcdll.dll

2010-01-20 20:51 . 2009-10-19 21:06 1033728 -c--a-w- c:\winnt\system32\dllcache\lhmstsc.exe

2010-01-20 20:51 . 2009-10-19 21:06 1033728 ----a-w- c:\winnt\system32\mstsc.exe

2010-01-20 00:48 . 2010-01-20 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-01-15 18:37 . 2010-01-15 18:37 -------- d-----w- c:\documents and settings\gxh\Application Data\Malwarebytes

2010-01-15 18:37 . 2010-01-08 00:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-01-15 18:37 . 2010-01-15 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 18:37 . 2010-01-15 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-15 18:37 . 2010-01-08 00:07 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-01-15 01:28 . 2010-01-15 01:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\LPKUJXARNCG

2010-01-15 01:28 . 2010-01-15 01:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\old-bdec4f7

2010-01-14 11:02 . 2010-01-14 11:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2010-01-13 15:23 . 2009-11-21 15:51 471552 -c----w- c:\winnt\system32\dllcache\aclayers.dll

2010-01-13 15:22 . 2009-06-21 21:44 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll

2010-01-13 15:21 . 2009-07-31 04:35 1172480 -c----w- c:\winnt\system32\dllcache\msxml3.dll

2010-01-13 15:21 . 2009-08-13 15:16 512000 -c----w- c:\winnt\system32\dllcache\jscript.dll

2010-01-13 15:18 . 2009-08-07 03:23 274288 ----a-w- c:\winnt\system32\mucltui.dll

2010-01-10 01:36 . 2010-01-10 01:36 -------- d-----w- c:\winnt\Sun

2010-01-10 01:36 . 2010-01-10 01:36 411368 ----a-w- c:\winnt\system32\deploytk.dll

2010-01-10 01:36 . 2010-01-10 01:36 -------- d-----w- c:\program files\Java

2010-01-10 01:36 . 2010-01-10 01:36 152576 ----a-w- c:\documents and settings\gxh\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-10 01:36 . 2010-01-10 01:36 79488 ----a-w- c:\documents and settings\gxh\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-06 05:18 . 2010-01-06 05:18 -------- d-----w- c:\program files\iPod

2010-01-06 05:18 . 2010-01-06 05:18 -------- d-----w- c:\program files\iTunes

2010-01-06 05:16 . 2010-01-06 05:16 -------- d-----w- c:\program files\QuickTime

2010-01-06 05:14 . 2010-01-06 05:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2010-01-06 05:11 . 2010-01-06 05:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

2010-01-05 10:00 . 2010-01-05 10:00 192512 -c----w- c:\winnt\system32\dllcache\iepeers.dll

2009-12-31 14:58 . 2009-12-30 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\ECMSVR32.DLL

2009-12-31 14:58 . 2009-12-08 00:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\CCERASER.DLL

2009-12-31 14:58 . 2009-11-10 22:48 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\NAVEX32A.DLL

2009-12-31 14:58 . 2009-11-10 22:48 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\NAVENG.SYS

2009-12-31 14:58 . 2009-11-10 22:48 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\NAVENG32.DLL

2009-12-31 14:58 . 2009-11-10 22:48 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\NAVEX15.SYS

2009-12-31 14:58 . 2009-08-18 00:15 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\ERASER.SYS

2009-12-31 14:58 . 2009-08-18 00:15 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f3c37.vdb\EECTRL.SYS

2009-12-25 03:12 . 2009-12-25 03:12 -------- d-----w- c:\documents and settings\gxh\Local Settings\Application Data\Apple_Inc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-20 02:53 . 2009-04-12 00:53 -------- d-----w- c:\program files\Dl_cats

2010-01-15 18:35 . 2009-05-09 01:07 1324 ----a-w- c:\winnt\system32\d3d9caps.dat

2010-01-15 18:35 . 2009-04-12 02:50 -------- d-----w- c:\documents and settings\gxh\Application Data\Apple Computer

2010-01-15 01:43 . 2009-03-25 17:11 -------- d---a-w- c:\program files\Symantec AntiVirus

2010-01-14 11:02 . 2009-03-25 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-06 05:18 . 2009-04-12 02:49 -------- d-----w- c:\program files\Common Files\Apple

2010-01-06 05:13 . 2009-08-24 19:44 -------- d-----w- c:\program files\Safari

2010-01-05 10:00 . 2009-03-19 19:30 832512 ----a-w- c:\winnt\system32\wininet.dll

2010-01-05 10:00 . 2009-03-19 19:28 78336 ----a-w- c:\winnt\system32\ieencode.dll

2010-01-05 10:00 . 2009-03-19 19:27 17408 ----a-w- c:\winnt\system32\corpol.dll

2010-01-04 18:07 . 2009-06-19 21:38 596240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-12-12 04:17 . 2009-12-12 03:50 -------- d-----w- c:\documents and settings\gxh\Application Data\Move Networks

2009-12-12 03:50 . 2009-12-12 03:50 143976 ----a-w- c:\documents and settings\gxh\Application Data\Move Networks\uninstall.exe

2009-12-12 03:50 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\gxh\Application Data\Move Networks\plugins\npqmp071701000002.dll

2009-12-12 02:02 . 2009-07-16 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-12 02:02 . 2009-06-12 20:22 -------- d-----w- c:\program files\Norton Security Scan

2009-11-21 15:51 . 2009-03-19 19:27 471552 ----a-w- c:\winnt\AppPatch\aclayers.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-23 773144]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]

"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]

"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]

"DLBUCATS"="c:\winnt\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-10 69632]

"WD Button Manager"="WDBtnMgr.exe" [2009-04-12 364544]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-24 1044480]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2009-9-19 541976]

VPN Client.lnk - c:\winnt\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2009-4-11 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\polsumgr]

2005-03-07 23:45 312832 ----a-w- c:\winnt\system32\sdmngr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2109753547-1507289723-1169898988-14116\Scripts\Logon\0\0]

"Script"=\\win.slac.stanford.edu\SysVol\win.slac.stanford.edu\scripts\domainlogon.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINNT\\system32\\dlbucoms.exe"=

"c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\DLBUPSWX.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINNT\\system32\\ftp.exe"=

"c:\\Program Files\\Avaya\\Avaya one-X Communicator\\SparkEmulator.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [3/20/2009 2:48 PM 24064]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [3/25/2009 8:52 AM 2054680]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [3/19/2009 11:32 AM 144992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/30/2009 8:28 AM 102448]

.

Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-22 c:\winnt\Tasks\Norton Security Scan for gxh.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 00:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\gxh\Application Data\Mozilla\Firefox\Profiles\3ltmo7p5.default\

FF - plugin: c:\documents and settings\gxh\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBUCATS = rundll32 c:\winnt\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)

c:\winnt\system32\Ati2evxx.dll

c:\winnt\system32\sdmngr.dll

- - - - - - - > 'explorer.exe'(2276)

c:\winnt\system32\WININET.dll

c:\winnt\system32\IEFRAME.dll

c:\winnt\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\winnt\system32\PortableDeviceTypes.dll

c:\winnt\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\winnt\system32\Ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\winnt\system32\Ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Avaya\Avaya one-X Communicator\QosServM.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\AMT\LMS.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\winnt\system32\CCM\CcmExec.exe

c:\winnt\system32\msiexec.exe

c:\winnt\system32\CCM\SMSCliUI.exe

c:\winnt\system32\WDBtnMgr.exe

c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-01-23 12:18:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-23 20:18

Pre-Run: 182,754,164,736 bytes free

Post-Run: 183,007,813,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AE772DE6383FBFA8FDE2CB90EF6D0F83

Then I downloaded HijackThis and ran it; below is the log. I did not fix anything.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 12:19:05 PM, on 1/23/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINNT\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\svchost.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\WINNT\system32\msiexec.exe

C:\WINNT\system32\CCM\SMSCliUI.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\WINNT\system32\WDBtnMgr.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ComboFix\CF9021.cfxxe

C:\ComboFix\mbr.cfxxe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\explorer.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: Camera Monitor HD.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://today.slac.stanford.edu/

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1237491250312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238002861267

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ilc.webex.com/client/T26L/webex/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: polsumgr - sdmngr.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: dlbu_device - Dell - C:\WINNT\system32\dlbucoms.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iClarityQoSService - AVAYA Communication - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--

End of file - 9502 bytes
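A small triage helper for the two logs in this post, added here as an editor's example (it is not code from the thread, from HijackThis or from DDS, and the heuristics are my own): it parses HijackThis O4/O20 lines and the DDS "DLLs Loaded Under Running Processes" block and cross-checks them, so that an entry HijackThis marks "(file missing)" while DDS shows the same DLL inside winlogon.exe, as with sdmngr.dll here, is surfaced for submission. The sample lines are copied from the logs posted above.

```python
"""Cross-check HijackThis and DDS output (added editor's example; heuristics are my own)."""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class HjtEntry:
    kind: str           # HijackThis section, e.g. "O4" or "O20"
    label: str          # entry name as HijackThis prints it
    path: str           # file path, bare file name or command line ("" if none)
    file_missing: bool  # HijackThis appended "(file missing)"


_O4_RE = re.compile(r".*?\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")
_PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")


def parse_hjt_line(line):
    """Parse one HijackThis log line into an HjtEntry; None for non-entry lines."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    missing = "(file missing)" in rest
    rest = rest.replace("(file missing)", "").strip()
    if kind == "O4":
        # O4 - HKLM\..\Run: [label] "quoted path" args   or   [label] bare.exe
        m4 = _O4_RE.match(rest)
        if not m4:
            return None
        cmd = m4.group("cmd")
        path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd
        return HjtEntry(kind, m4.group("label"), path, missing)
    # O2/O3/O20/O23 read "<Type>: <label> - [<CLSID or vendor> - ]<path>"
    parts = [p.strip() for p in rest.split(" - ")]
    label = parts[0].split(": ", 1)[-1]
    path = parts[-1] if len(parts) > 1 else ""
    return HjtEntry(kind, label, path, missing)


def parse_dds_loaded_dlls(text):
    """Parse the DDS 'DLLs Loaded Under Running Processes' block into {process: [dll, ...]}."""
    loaded, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _PROC_RE.match(line)
        if m:
            current = m.group("proc").lower()
            loaded.setdefault(current, [])
        elif current and line and line != ".":
            loaded[current].append(line)
    return loaded


def triage(hjt_log, dds_block):
    """Return human-readable findings for entries worth a second look."""
    findings = []
    winlogon = {ntpath.basename(p).lower(): p
                for p in parse_dds_loaded_dlls(dds_block).get("winlogon.exe", [])}
    for line in hjt_log.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        if e.kind == "O20" and e.file_missing:
            # "(file missing)" only means HijackThis could not resolve the name;
            # if DDS saw the DLL inside winlogon.exe it is present and active.
            base = ntpath.basename(e.path).lower()
            if base in winlogon:
                findings.append(f"O20 {e.label}: HijackThis reports {e.path} missing, but DDS shows "
                                f"{winlogon[base]} loaded in winlogon.exe - submit it for analysis")
            else:
                findings.append(f"O20 {e.label}: {e.path} missing and not loaded - stale entry")
        elif e.kind == "O4" and e.path:
            first = e.path.split()[0]
            if first.lower() == "rundll32":
                # The code that actually runs is the DLL handed to rundll32
                args = e.path.split(None, 1)
                dll = args[1].split(",")[0] if len(args) > 1 else "(no DLL given)"
                findings.append(f"O4 {e.label}: hosted by rundll32, review {dll}")
            elif "\\" not in first:
                # No directory given: resolved through the PATH search order at logon
                findings.append(f"O4 {e.label}: bare file name {first}, "
                                "resolved through the PATH search order")
    return findings


# Sample lines copied from the HijackThis and DDS logs posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O20 - Winlogon Notify: polsumgr - sdmngr.dll (file missing)
"""
DDS_SAMPLE = r"""
- - - - - - - > 'winlogon.exe'(988)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\sdmngr.dll
- - - - - - - > 'explorer.exe'(2276)
c:\winnt\system32\WININET.dll
c:\program files\WinSCP\DragExt.dll
"""

if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE, DDS_SAMPLE):
        print(finding)
```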


  • Staff

Hi,

Please go to VirusTotal, and upload the following file for analysis:

c:\winnt\system32\sdmngr.dll

Post the results in your reply.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


File sdmngr.dll received on 2010.01.23 20:55:35 (UTC)

Result: 0/41 (0%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.01.23 -

AhnLab-V3 5.0.0.2 2010.01.23 -

AntiVir 7.9.1.146 2010.01.22 -

Antiy-AVL 2.0.3.7 2010.01.22 -

Authentium 5.2.0.5 2010.01.23 -

Avast 4.8.1351.0 2010.01.23 -

AVG 9.0.0.730 2010.01.23 -

BitDefender 7.2 2010.01.23 -

CAT-QuickHeal 10.00 2010.01.22 -

ClamAV 0.94.1 2010.01.22 -

Comodo 3683 2010.01.23 -

DrWeb 5.0.1.12222 2010.01.23 -

eSafe 7.0.17.0 2010.01.21 -

eTrust-Vet 35.2.7255 2010.01.22 -

F-Prot 4.5.1.85 2010.01.23 -

F-Secure 9.0.15370.0 2010.01.23 -

Fortinet 4.0.14.0 2010.01.23 -

GData 19 2010.01.23 -

Ikarus T3.1.1.80.0 2010.01.23 -

Jiangmin 13.0.900 2010.01.23 -

K7AntiVirus 7.10.952 2010.01.22 -

Kaspersky 7.0.0.125 2010.01.23 -

McAfee 5870 2010.01.23 -

McAfee+Artemis 5870 2010.01.23 -

McAfee-GW-Edition 6.8.5 2010.01.23 -

Microsoft 1.5405 2010.01.23 -

NOD32 4800 2010.01.23 -

Norman 6.04.03 2010.01.23 -

nProtect 2009.1.8.0 2010.01.23 -

Panda 10.0.2.2 2010.01.23 -

PCTools 7.0.3.5 2010.01.23 -

Prevx 3.0 2010.01.23 -

Rising 22.31.04.04 2010.01.22 -

Sophos 4.50.0 2010.01.23 -

Sunbelt 3.2.1858.2 2010.01.23 -

Symantec 20091.2.0.41 2010.01.23 -

TheHacker 6.5.0.9.160 2010.01.23 -

TrendMicro 9.120.0.1004 2010.01.23 -

VBA32 3.12.12.1 2010.01.23 -

ViRobot 2010.1.23.2152 2010.01.23 -

VirusBuster 5.0.21.0 2010.01.23 -

Additional information

File size: 312832 bytes

MD5...: 3ef2c0e817614a7277a8e8cc15be5ffc

SHA1..: 06479729aa744fb3451f4c04d58afe16ff5c0c4a

SHA256: 873a418571d86d9377b73562636992f13e19466eb0524bb8796b8b4c4b125902

ssdeep: 3072:ALTe3/QDy3TCvlSGFznOqIKvuqDGsV/J5oGRnDrs3UJWkU0UBlkHUfjvL1mzVKId:kTu/ekIRuqRJ5ossVxmzVtX4wlh3mIP

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x20123

timedatestamp.....: 0x422ccb63 (Mon Mar 07 21:45:07 2005)

machinetype.......: 0x14c (I386)

( 6 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x2ad5e 0x2ae00 6.43 68f279d87d31a5be97b07ac44af130a7

.orpc 0x2c000 0x73 0x200 1.73 7531f2808cf5023c11aee5171875c429

.rdata 0x2d000 0xed49 0xee00 4.69 923ad4501e5cd04aa564147927cfc8ca

.data 0x3c000 0x3cbc 0x2400 3.84 4bb647c1afb8396fdead996bdb2488eb

.rsrc 0x40000 0x9fb8 0xa000 4.44 bc30371a899c822d71b1b7fc8fb2cb9a

.reloc 0x4a000 0x5e54 0x6000 4.03 d62b7f3b2b02b41952425d4b81513507

( 10 imports )

> ADVAPI32.dll: RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, CreateProcessAsUserW, InitiateSystemShutdownExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegOpenCurrentUser, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExW, DeregisterEventSource

> RPCRT4.dll: CStdStubBuffer_DebugServerRelease, CStdStubBuffer_CountRefs, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_Invoke, CStdStubBuffer_Disconnect, CStdStubBuffer_Connect, CStdStubBuffer_AddRef, CStdStubBuffer_QueryInterface, NdrOleFree, NdrOleAllocate, IUnknown_Release_Proxy, IUnknown_AddRef_Proxy, IUnknown_QueryInterface_Proxy, NdrDllGetClassObject, NdrDllCanUnloadNow, NdrCStdStubBuffer_Release, NdrDllRegisterProxy, NdrDllUnregisterProxy, UuidCreate, UuidToStringW, RpcStringFreeW, CStdStubBuffer_DebugServerQueryInterface

> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock

> KERNEL32.dll: HeapDestroy, TlsGetValue, TlsSetValue, TlsFree, TlsAlloc, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetFileAttributesW, GetVersion, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExW, lstrlenW, lstrcpyW, RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetLastError, InterlockedIncrement, InterlockedDecrement, lstrcmpiW, LoadLibraryW, SetLastError, GetModuleFileNameW, OutputDebugStringA, LoadLibraryExW, lstrcpynW, LeaveCriticalSection, EnterCriticalSection, FreeLibrary, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, CloseHandle, CreateMutexW, ReleaseMutex, WaitForSingleObject, LoadLibraryA, FlushInstructionCache, GetCurrentProcess, HeapAlloc, GetProcessHeap, GetCurrentThreadId, HeapFree, Sleep, GetSystemTime, GetExitCodeProcess, CreateProcessW, SetEvent, LocalFree, CreateEventW, GetWindowsDirectoryW, GetLocalTime, GetCurrentThread, GetCurrentProcessId, lstrlenA, WideCharToMultiByte, OutputDebugStringW, lstrcatW, ExitProcess, lstrcmpW, CompareStringW, FormatMessageW, SystemTimeToFileTime, FileTimeToSystemTime, FileTimeToLocalFileTime, GetTickCount, GetComputerNameW, ExpandEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStringsW, DeleteFileW, LocalFileTimeToFileTime, OpenProcess, CreateFileW, SetFilePointer, WriteFile, CreateDirectoryW, SetFileAttributesW, RemoveDirectoryW, FindClose, FindNextFileW, FindFirstFileW, GlobalLock, GlobalFree, GlobalAlloc, IsBadCodePtr, GetFileType, GetSystemTimeAsFileTime, GetCommandLineA, HeapReAlloc, RtlUnwind, GetVersionExA, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, QueryPerformanceCounter, GetModuleFileNameA, SetUnhandledExceptionFilter, GetOEMCP, GetCPInfo, GetStringTypeA, GetStringTypeW, VirtualProtect, GetSystemInfo, VirtualQuery, TerminateProcess, HeapSize, SetHandleCount, GetStdHandle, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, UnhandledExceptionFilter, SetStdHandle, IsBadReadPtr, SetConsoleCtrlHandler

> USER32.dll: GetSystemMetrics, MsgWaitForMultipleObjects, PeekMessageW, IsWindowUnicode, GetMessageW, GetMessageA, MapWindowPoints, GetDlgItem, ShowWindow, RedrawWindow, SetWindowTextW, GetWindowLongW, LoadIconW, GetWindowTextLengthW, EndDialog, GetCursorPos, SetWindowPos, CreateDialogParamW, SendMessageW, SetWindowLongW, DestroyWindow, CharUpperW, UnregisterClassW, TranslateMessage, DispatchMessageW, DispatchMessageA, MessageBoxW, wvsprintfW, SetForegroundWindow, PostMessageW, DestroyMenu, GetClientRect, SystemParametersInfoW, GetWindowRect, GetWindow, GetParent, DialogBoxParamW, PostQuitMessage, DefWindowProcW, CallWindowProcW, GetKeyState, CreatePopupMenu, CharPrevW, AnimateWindow, TrackPopupMenu, UpdateWindow, AppendMenuW, CharNextW

> GDI32.dll: DeleteObject, CreateFontW

> SHELL32.dll: Shell_NotifyIconW

> ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoInitializeEx, StringFromGUID2, CoUninitialize, CLSIDFromString, CoTaskMemRealloc, CoTaskMemFree

> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -

> SHLWAPI.dll: PathFindExtensionW, PathIsRootW

( 10 exports )

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, StateMgrMainW, TrayAppMainW, WLEventLogoff, WLEventShutdown, WLEventStartShell, WLEventStartup

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: AutoProf_

copyright....: © 2004, AutoProf_. All rights reserved.

product......: Policy Maker Software Deployment Manager

description..: Policy Maker Software Deployment Manager

original name: sdmngr.dll

internal name: sdmngr.dll

file version.: 1.3.0.106

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

trid..: DirectShow filter (52.6%)

Windows OCX File (32.2%)

Win32 Executable MS Visual C++ (generic) (9.8%)

Win32 Executable Generic (2.2%)

Win32 Dynamic Link Library (generic) (1.9%)

others to follow


Note on the log below: the firefoxsetup.exe is one I downloaded when I wanted Firefox but did not install, since I noticed that it was a different website.

After this there is one more reply.

10 malware found

TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Trojan.Generic.2834912 (virus)

* C:\DOWNLOAD\FIREFOXSETUP.EXE (Renamed & Submitted)

Statistics

Scanned:

* Files: 55724

* System: 3603

* Not scanned: 6

Actions:

* Disinfected: 9

* Renamed: 1

* Deleted: 0

* Not cleaned: 0

* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINNT\SYSTEM32\CONFIG\DEFAULT

* C:\WINNT\SYSTEM32\CONFIG\SAM

* C:\WINNT\SYSTEM32\CONFIG\SECURITY

* C:\WINNT\SYSTEM32\CONFIG\SOFTWARE

* C:\WINNT\SYSTEM32\CONFIG\SYSTEM

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics


Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Symantec AntiVirus

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 9.1

``````````````````````````````

Process Check:

objlist.exe by Laurent

Symantec AntiVirus DefWatch.exe

``````````````````````````````

DNS Vulnerability Check:

nslookup.exe missing!

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Next I will see whether it all works again.


Google does not redirect anymore.

Remote Desktop Connection is back.

But Symantec still gets a runtime error, as in my earlier email.

Going into Services, Symantec is stopped, and when starting it I get the above error.

Plus, when I start ComboFix it detects antivirus: Live PC Care and Symantec.

So I can't stop the antivirus (since it is already stopped in the Services), and why is there Live PC Care?


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Restart your computer and let me know specifically what issues remain.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
