Jump to content

Searches redirected & HJT log


cjo
 Share

Recommended Posts

Hi,

I have Windows XP and usually run Firefox. My searches through Google are being redirected to other sites. Sometimes I can use the back button to get to the site I actually wanted but not always. I've run Norton security, Malware Bytes and Ad aware but it's still happening.

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:25:53 PM, on 3/21/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Cathie\Application Data\U3\0000187FC5725CC3\LaunchPad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL

O2 - BHO: Java

Link to post
Share on other sites

Here are the logs requested:

Malwarebytes' Anti-Malware 1.44

Database version: 3902

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

3/22/2010 8:20:40 PM

mbam-log-2010-03-22 (20-20-40).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 202857

Time elapsed: 57 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Cathie at 20:22:56.60 on Mon 03/22/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1167 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Cathie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uDefault_Page_URL = hxxp://www.dellnet.com/

uStart Page = hxxp://www.google.com/

uWindow Title = Microsoft Internet Explorer provided by Comcast

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [<NO NAME>]

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cathie\applic~1\mozilla\firefox\profiles\n47ixlez.default\

FF - prefs.js: browser.search.selectedEngine - Creative Commons

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll

FF - plugin: c:\documents and settings\cathie\application data\mozilla\firefox\profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-21 64288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-15 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-15 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-15 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-15 329592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-15 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-15 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100322.004\NAVENG.SYS [2010-3-22 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100322.004\NAVEX15.SYS [2010-3-22 1324720]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]

=============== Created Last 30 ================

2010-03-21 23:25:29 396288 ----a-w- C:\HijackThis.exe

2010-03-21 21:50:46 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-21 20:53:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-21 20:53:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-21 20:51:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-21 20:51:28 0 d-----w- c:\program files\Lavasoft

2010-03-21 16:45:07 0 d-----w- C:\N360_BACKUP

2010-03-16 21:04:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec

2010-03-16 01:59:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-15 21:46:44 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-03-15 21:46:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-15 21:46:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-15 21:46:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-15 21:46:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-15 21:46:40 0 d-----w- c:\program files\Symantec

2010-03-15 21:46:40 0 d-----w- c:\program files\common files\Symantec Shared

2010-03-15 21:46:08 0 d-----w- c:\windows\system32\drivers\N360

2010-03-15 21:46:06 0 d-----w- c:\program files\Norton Security Suite

2010-03-15 21:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-03-15 21:45:57 0 d-----w- c:\program files\NortonInstaller

2010-03-15 21:45:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-03-15 21:46:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-03-15 21:46:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2008-08-06 14:43:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 20:23:25.04 ===============

Link to post
Share on other sites

Hi,

Here is the ComboFix log and new DDS log as requested.

ComboFix 10-03-26.02 - Cathie 03/26/2010 17:33:41.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -4:00]

Running from: c:\documents and settings\Cathie\My Documents\Downloads\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\bszip.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.

((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))

.

2010-03-21 23:25 . 2010-03-21 23:25 396288 ----a-w- C:\HijackThis.exe

2010-03-21 21:50 . 2010-03-21 20:53 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-21 20:53 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-21 20:53 . 2010-03-21 20:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-21 20:51 . 2010-03-21 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-21 20:51 . 2010-03-21 20:51 -------- d-----w- c:\program files\Lavasoft

2010-03-21 16:45 . 2010-03-21 16:45 -------- d-----w- C:\N360_BACKUP

2010-03-16 21:04 . 2010-03-16 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-03-16 01:59 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-15 21:46 . 2010-03-15 21:46 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-03-15 21:46 . 2010-03-15 22:16 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-15 21:46 . 2010-03-15 21:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-15 21:46 . 2010-03-15 21:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Symantec

2010-03-15 21:46 . 2010-03-17 21:35 -------- d-----w- c:\windows\system32\drivers\N360

2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Norton Security Suite

2010-03-15 21:46 . 2010-03-15 21:46 -------- d-----w- c:\program files\Windows Sidebar

2010-03-15 21:46 . 2010-03-15 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-03-15 21:45 . 2010-03-15 21:45 -------- d-----w- c:\program files\NortonInstaller

2010-03-15 21:45 . 2010-03-15 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-03-15 21:27 . 2010-03-15 21:27 -------- d-----w- c:\documents and settings\Cathie\Local Settings\Application Data\ICS

2010-03-03 22:11 . 2010-03-03 22:11 -------- d-----w- c:\documents and settings\Cathie\Local Settings\Application Data\kgdbju

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-26 21:39 . 2008-01-18 16:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-25 22:28 . 2008-05-12 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-03-22 00:27 . 2008-01-30 21:38 -------- d-----w- c:\documents and settings\Cathie\Application Data\U3

2010-03-21 20:52 . 2008-01-18 16:51 -------- d-----w- c:\program files\Google

2010-03-21 20:51 . 2008-05-29 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-21 18:22 . 2009-12-27 23:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-21 18:21 . 2010-03-21 18:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-15 21:46 . 2010-03-15 21:46 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-15 21:46 . 2010-03-15 21:46 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-15 21:46 . 2008-01-29 16:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-03-15 21:46 . 2010-03-15 21:46 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll

2010-03-15 21:46 . 2010-03-15 21:46 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll

2010-03-15 21:46 . 2008-01-29 16:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-03-15 21:46 . 2010-03-15 21:46 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

2010-03-15 21:44 . 2008-01-18 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-15 07:16 . 2010-03-25 20:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG.SYS

2010-03-15 07:16 . 2010-03-25 20:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\EECTRL.SYS

2010-03-15 07:16 . 2010-03-25 20:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ECMSVR32.DLL

2010-03-15 07:16 . 2010-03-25 20:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG32.DLL

2010-03-15 07:16 . 2010-03-25 20:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX32A.DLL

2010-03-15 07:16 . 2010-03-25 20:45 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX15.SYS

2010-03-15 07:16 . 2010-03-25 20:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ERASER.SYS

2010-03-15 07:16 . 2010-03-25 20:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\CCERASER.DLL

2010-02-14 18:26 . 2010-02-14 18:26 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-02-14 18:26 . 2008-01-18 16:56 -------- d-----w- c:\program files\Microsoft Works

2010-02-12 22:27 . 2010-02-12 22:27 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-12 21:41 . 2010-03-26 21:39 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

2010-02-04 15:53 . 2010-03-21 20:51 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-02-01 23:20 . 2010-03-26 21:39 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

2010-01-07 20:07 . 2009-12-27 23:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 20:07 . 2009-12-27 23:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2004-08-10 18:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-1-18 7168]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-18 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]

2007-12-07 19:52 270336 ----a-w- c:\progra~1\VIRTUA~1\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-01-18 16:52 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2004-04-06 10:28 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

2004-06-07 04:42 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

2004-06-07 04:53 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-06-02 15:13 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-01-18 16:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/21/2010 4:53 PM 64288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/15/2010 6:54 PM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/15/2010 6:54 PM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/15/2010 6:54 PM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 10:09 AM 329592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1263728]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/15/2010 6:54 PM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/15/2010 7:55 PM 102448]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 8:31 PM 135664]

.

Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:53]

2010-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-18 00:09]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 00:31]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 00:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: mcafee.com

FF - ProfilePath - c:\documents and settings\Cathie\Application Data\Mozilla\Firefox\Profiles\n47ixlez.default\

FF - prefs.js: browser.search.selectedEngine - Creative Commons

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll

FF - plugin: c:\documents and settings\Cathie\Application Data\Mozilla\Firefox\Profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-26 17:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1124)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Dell Network Assistant\hnm_svc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\RTHDCPL.EXE

c:\program files\Dell Network Assistant\ezi_hnm2.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-03-26 17:44:26 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-26 21:44

Pre-Run: 224,692,056,064 bytes free

Post-Run: 224,684,617,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E33CBECF218901A51858979316D1DDDD

DDS (Ver_10-03-17.01) - NTFSx86

Run by Cathie at 17:47:02.84 on Fri 03/26/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1407 [GMT -4:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Cathie\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cathie\applic~1\mozilla\firefox\profiles\n47ixlez.default\

FF - prefs.js: browser.search.selectedEngine - Creative Commons

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll

FF - plugin: c:\documents and settings\cathie\application data\mozilla\firefox\profiles\n47ixlez.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-21 64288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-15 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-15 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-15 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-15 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-15 102448]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100325.002\NAVENG.SYS [2010-3-25 84912]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100325.002\NAVEX15.SYS [2010-3-25 1324720]

=============== Created Last 30 ================

2010-03-26 21:30:39 0 d-sha-r- C:\cmdcons

2010-03-26 21:28:41 98816 ----a-w- c:\windows\sed.exe

2010-03-26 21:28:41 77312 ----a-w- c:\windows\MBR.exe

2010-03-26 21:28:41 261632 ----a-w- c:\windows\PEV.exe

2010-03-26 21:28:41 161792 ----a-w- c:\windows\SWREG.exe

2010-03-21 23:25:29 396288 ----a-w- C:\HijackThis.exe

2010-03-21 21:50:46 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-21 20:53:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-21 20:53:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-21 20:51:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-21 20:51:28 0 d-----w- c:\program files\Lavasoft

2010-03-21 16:45:07 0 d-----w- C:\N360_BACKUP

2010-03-16 21:04:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec

2010-03-16 01:59:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-15 21:46:44 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-03-15 21:46:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-15 21:46:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-15 21:46:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-15 21:46:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-15 21:46:40 0 d-----w- c:\program files\Symantec

2010-03-15 21:46:40 0 d-----w- c:\program files\common files\Symantec Shared

2010-03-15 21:46:08 0 d-----w- c:\windows\system32\drivers\N360

2010-03-15 21:46:06 0 d-----w- c:\program files\Norton Security Suite

2010-03-15 21:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-03-15 21:45:57 0 d-----w- c:\program files\NortonInstaller

2010-03-15 21:45:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-03-15 21:46:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-03-15 21:46:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2008-08-06 14:43:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 17:47:10.12 ===============

Appreciate all of your help! Will await your further instructions.

Cathie

Link to post
Share on other sites

  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

I ran the F-secure Online scanner and the Security Check and here are the reports. I did a couple of test searches on Google in Firefox and everything seems to be okay with that. However, as I tried to post this reply initially, my whole system seemed to lock up. Nothing would load but I was able to exit all programs. The computer wouldn't shut down or restart so I manually shut it down and restarted.

Also, do I need to save any of the things I've downloaded (programs or reports)? I get Norton 360 free with my Comcast internet, so thats what I use. Do you recommend any other programs to use in conjunction with it? Or ones to avoid for that matter. Or do I only need them if I run into a problem?

I really appreciate all of your help with this. Computers can be confusing and sometimes scary if you don't know so much about them!

Cathie

Scanning Report

Sunday, March 28, 2010 16:30:48 - 17:09:50

Computer name: VOSTRO400

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

No malware found

Statistics

Scanned:

* Files: 52959

* System: 3807

* Not scanned: 16

Link to post
Share on other sites

  • Staff

Hi,

Also, do I need to save any of the things I've downloaded (programs or reports)? I get Norton 360 free with my Comcast internet, so thats what I use. Do you recommend any other programs to use in conjunction with it? Or ones to avoid for that matter. Or do I only need them if I run into a problem?
Norton360 isn't that great, but free is hard to beat.. :) I can offer you a great protection lineup for free which I believe far exceeds Norton...

The tools you have run during this topic (such as ComboFix) are specialized tools that I do not recommend keeping. We will actually be removing them when we are all done.

Please run my SecurityCheck application as outlined above, and we will take it from there.

-screen317

Link to post
Share on other sites

Please run my SecurityCheck application as outlined above, and we will take it from there.

-screen317

Sorry about that. I had actually run the two, but I guess when I tried to re-post, I cut part of the reports off. Here they are again:

Scanning Report

Sunday, March 28, 2010 16:30:48 - 17:09:50

Computer name: VOSTRO400

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

No malware found

Statistics

Scanned:

* Files: 52959

* System: 3807

* Not scanned: 16

Actions:

* Disinfected: 0

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0053654.SYS

* C:\DOCUMENTS AND SETTINGS\CATHIE\LOCAL SETTINGS\TEMP\HSPERFDATA_CATHIE\140

* C:\DOCUMENTS AND SETTINGS\CATHIE\LOCAL SETTINGS\TEMP\HSPERFDATA_CATHIE\3880

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_AVPAPP_{BB639333-810A-4BF8-85F5-C537857F55FC}0

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{FF9AC67A-E394-46AE-B150-B3365343F166}G

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_NPC.TRAY.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}0

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_UI.HOST.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Results of screen317's Security Check version 0.99.2

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 11

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Cathie

Link to post
Share on other sites

  • Staff

Hi Cathie,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 8.1.2

Java

Link to post
Share on other sites

  • Staff

Hi Cathie,

I highly recommend upgrading to the PRO version of MBAM; it will keep you protected from malware and one license will protect this computer for life.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.