
Some Google search results are being redirected in both IE and Firefox. Chrome seems unaffected. Nothing was found by Virus Scan or Malwarebytes.

Logs below.

Thanks,

Solus

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/2/2010 8:15:32 AM

mbam-log-2010-05-02 (08-15-32).txt

Scan type: Quick scan

Objects scanned: 138429

Time elapsed: 19 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Meera Gill at 21:21:52.70 on Mon 05/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.231 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Meera Gill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ElnkScamBHO Class: {15f4d456-5baa-4076-8486-eecb38cd3e57} - c:\program files\earthlink totalaccess\toolbar\EScamBlk.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink totalaccess\toolbar\ElnkPuB.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL

BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink totalaccess\toolbar\ProtctIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink totalaccess\toolbar\uninsttb.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\Toolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll

TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\meera gill\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"

mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

StartupFolder: c:\docume~1\meerag~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\meera gill\application data\leadertech\powerregister\Seagate 2GHJLLZ3 Product Registration.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5892/mcfscan.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\meerag~1\applic~1\mozilla\firefox\profiles\vy60qra0.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\meera gill\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-14 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-14 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-14 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100429.001\IDSXpx86.sys [2010-5-3 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100503.021\NAVENG.SYS [2010-5-3 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100503.021\NAVEX15.SYS [2010-5-3 1324720]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 272128]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 547744]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-15 38224]

S3 USR;U.S. Robotics Wireless Access 802.11b Driver;c:\windows\system32\drivers\USRNDS.sys [2002-4-25 51712]

=============== Created Last 30 ================

2010-05-04 01:20:16 0 ----a-w- c:\documents and settings\meera gill\defogger_reenable

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 10:01:06 47116 ----a-w- c:\docume~1\meerag~1\applic~1\wklnhst.dat

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-02-14 04:33:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-14 04:32:23 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll

2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys

2008-09-11 01:49:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 21:23:34.37 ===============

Attach.zip


Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Please do not run any other tool until instructed to do so!
  2. Please reply to this thread, do not start another!
  3. Please tell me about any problems that have occurred during the fix.
  4. Please tell me of any other symptoms you may be having, as these can help also.
  5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

The ARK report was blank. I would like you to rerun it for me, thanks. Use the settings that I have below.

Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area type in "Gmer.txt", or it will save as a .log file.
  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Please send me the report when complete, or if you have problems, come back here and let me know.

gringo

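An added example, not part of this thread and not GMER's own tooling: a small Python script that reads GMER hook lines like the ones posted in this thread and sorts them the way the caution about false positives asks for. For each hook it records the file GMER attributes the hook to (the SYMEVENT.SYS and css-dvp.sys entries) as opposed to hooks that land at a bare address, and it groups user-mode hooks by hooked export and the low 16 bits of the jump target. In this log the ws2_32.dll hooks in every process jump to addresses ending in 2862, 26EE, 27E0, 2726 and 275E, which is what one code blob mapped at a different base in each process looks like; the script does not say whose blob that is, only that it is shared, so the next step is identifying the module behind that address on the machine itself. The sample lines are copied from the GMER log in this thread; the regular expressions are my assumption about GMER 1.0.15's line formats as they appear here, not a documented grammar.

```python
"""Triage of GMER hook listings. Each hook line is reduced to what was hooked,
where control goes, and the file GMER attributes the hook to, if it names one.
Hooks tied to a named file can be checked against installed software; hooks that
land at a bare address need a second look. User-mode hooks are also grouped by
(export, low 16 bits of the jump target): the same offset recurring in many
processes means one code blob is mapped into each of them at a different base."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Sample input: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
SSDT 8295D570 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF128130]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xEE806B4C]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile
.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes CALL 10D0CEA1
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP EE806DBB \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C726EE
.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!send 71AB4C27 5 Bytes JMP 010E26EE
.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!send 71AB4C27 5 Bytes JMP 023A26EE
.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!recv 71AB676F 5 Bytes JMP 023A2726
.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
"""

# Line formats as they appear in the GMER 1.0.15 log above (assumed, not a documented grammar).
MODULE = r"(?P<module>\\\S+)\s+\((?P<vendor>[^)]*)\)"   # \??\C:\...\X.SYS (Description/Vendor)
HOOKADDR = r"(?:\s+\[0x(?P<hook>[0-9A-F]+)\])?"          # optional trailing [0xEF128130]
TAIL = r"(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+(?P<rest>.*)$"
SSDT_RE = re.compile(r"^SSDT\s+(?:(?P<addr>[0-9A-F]{8})|" + MODULE + r")\s+(?P<func>\w+)" + HOOKADDR + r"$")
CODE_RE = re.compile(r"^Code\s+" + MODULE + r"\s+(?P<func>\w+)" + HOOKADDR + r"$")
KERNEL_RE = re.compile(r"^(?:\.text|PAGE|INIT)\s+(?P<image>[\w.]+)!(?P<symbol>\w+)" + TAIL)
USER_RE = re.compile(r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<dll>[\w.]+)!(?P<export>\w+)" + TAIL)
XFER_RE = re.compile(r"^(?:JMP|CALL)\s+(?P<target>[0-9A-F]{8})(?:\s+" + MODULE + r")?$")

@dataclass(frozen=True)
class Hook:
    scope: str              # "kernel" or "user"
    location: str           # what was hooked: "SSDT:ZwCreateKey", "ws2_32.dll!send", ...
    process: Optional[str]  # "Explorer.EXE[1592]" for user-mode hooks, None for kernel ones
    target: Optional[int]   # address control is diverted to, when the line records one
    module: Optional[str]   # file GMER attributes the hook to, when it names one
    vendor: Optional[str]

def _transfer(rest: str):
    """Tail of a code-section line: 'JMP/CALL <addr> [<owner>]' or patched bytes such as '[28, 00, 15, 00]'."""
    m = XFER_RE.match(rest)
    return (int(m["target"], 16), m["module"], m["vendor"]) if m else (None, None, None)

def parse_gmer(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (hooks, unparsed); unparsed keeps lines such as '? SYMEFA.SYS ...' for manual review."""
    hooks, unparsed = [], []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line) or CODE_RE.match(line):
            d = m.groupdict()
            addr = d.get("hook") or d.get("addr")
            hooks.append(Hook("kernel", f"{line.split()[0]}:{d['func']}", None,
                              int(addr, 16) if addr else None, d.get("module"), d.get("vendor")))
        elif m := USER_RE.match(line):
            proc = m["proc"].rsplit("\\", 1)[-1]          # "Explorer.EXE[1592]"
            hooks.append(Hook("user", f"{m['dll']}!{m['export']}", proc, *_transfer(m["rest"])))
        elif m := KERNEL_RE.match(line):
            hooks.append(Hook("kernel", f"{m['image']}!{m['symbol']}", None, *_transfer(m["rest"])))
        else:
            unparsed.append(line)
    return hooks, unparsed

def classify(h: Hook) -> str:
    if h.module:
        return "attributed"     # GMER named the file: confirm it belongs to software you expect
    if h.target is None:
        return "inline-patch"   # bytes changed in place; nothing to follow from this line alone
    return "unattributed"       # diverted to an address GMER could not map to any file

def summarize(hooks: List[Hook]) -> Dict[Tuple[str, str], int]:
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for h in hooks:
        counts[(h.scope, classify(h))] += 1
    return dict(counts)

def owners(hooks: List[Hook]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)     # hook count per attributed file name
    for h in hooks:
        if h.module:
            counts[h.module.rsplit("\\", 1)[-1].lower()] += 1
    return dict(counts)

def shared_user_hooks(hooks: List[Hook]) -> Dict[Tuple[str, int], List[str]]:
    """Unattributed user-mode hooks whose (export, target page offset) recurs in more than one process."""
    groups: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for h in hooks:
        if h.scope == "user" and h.target is not None and not h.module:
            groups[(h.location.lower(), h.target & 0xFFFF)].add(h.process)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    found, leftover = parse_gmer(SAMPLE_LOG)
    print(summarize(found), owners(found), sep="\n")
    for (export, off), procs in shared_user_hooks(found).items():
        print(f"{export} -> ...{off:04X} in {len(procs)} processes: {', '.join(procs)}")
    print("review by hand:", *leftover, sep="\n  ")
```

Run it as-is for the sample; to triage a full report, pass the contents of the saved Gmer.txt to parse_gmer. Lines the patterns do not cover (the "? SYMEFA.SYS ..." file-access error, the Fastfat.SYS entry that carries no symbol name) come back in the second list rather than being dropped, and the "attributed" bucket is only a starting point: a file name with a vendor string still has to be matched against what is actually installed.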

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-03 22:07:36

Windows 5.1.2600 Service Pack 3

Running: e5h0orde.exe; Driver: C:\DOCUME~1\MEERAG~1\LOCALS~1\Temp\uxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT 8295D570 ZwAlertResumeThread

SSDT 8290B5C0 ZwAlertThread

SSDT 82936178 ZwAllocateVirtualMemory

SSDT 829C7AF0 ZwAssignProcessToJobObject

SSDT 82D7B370 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF128130]

SSDT 829030F8 ZwCreateMutant

SSDT 828E8510 ZwCreateSymbolicLinkObject

SSDT 82A6B9F8 ZwCreateThread

SSDT 829C5340 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEF1283B0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEF128910]

SSDT 828AD0A0 ZwDuplicateObject

SSDT 82936058 ZwFreeVirtualMemory

SSDT 829AC1F8 ZwImpersonateAnonymousToken

SSDT 82A0C540 ZwImpersonateThread

SSDT 82A25170 ZwLoadDriver

SSDT 82A610C8 ZwMapViewOfSection

SSDT 829B69B8 ZwOpenEvent

SSDT 828AD008 ZwOpenProcess

SSDT 8293F1C8 ZwOpenProcessToken

SSDT 829D8958 ZwOpenSection

SSDT 828AD130 ZwOpenThread

SSDT 828E85E0 ZwProtectVirtualMemory

SSDT 82A44998 ZwResumeThread

SSDT 8293DE78 ZwSetContextThread

SSDT 82787198 ZwSetInformationProcess

SSDT 829D9A08 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEF128B60]

SSDT 829D6E78 ZwSuspendProcess

SSDT 82975F00 ZwSuspendThread

SSDT 82A3E0E8 ZwTerminateProcess

SSDT 828C8690 ZwTerminateThread

SSDT 82A3E530 ZwUnmapViewOfSection

SSDT 829360E8 ZwWriteVirtualMemory

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xEE806B4C]

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwCreateSection [0xEE806DB7]

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwSetInformationFile [0xEE806235]

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwWriteFile [0xEE805E81]

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtClose

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtCreateSection

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtSetInformationFile

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtWriteFile

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes CALL 10D0CEA1

.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 4 Bytes CALL 36D0BE71

PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP EE806DBB \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

PAGE ntoskrnl.exe!NtClose 805678CD 5 Bytes JMP EE806B50 \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

PAGE ntoskrnl.exe!IoCreateFile 8056CE43 5 Bytes JMP EE8059AA \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

PAGE ntoskrnl.exe!NtSetInformationFile 80574B2A 5 Bytes JMP EE806239 \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

PAGE ntoskrnl.exe!NtWriteFile 80574DD5 7 Bytes JMP EE805E85 \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

? SYMEFA.SYS The system cannot find the file specified. !

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8A43760]

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7460F80]

PAGE Fastfat.SYS EE7D49C8 7 Bytes JMP EE80739E \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C72862

.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C726EE

.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C727E0

.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C72726

.text C:\Program Files\Java\jre6\bin\jqs.exe[156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C7275E

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E2862

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!send 71AB4C27 5 Bytes JMP 010E26EE

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010E27E0

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!recv 71AB676F 5 Bytes JMP 010E2726

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[184] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E275E

.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[312] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02032862

.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[312] WS2_32.dll!send 71AB4C27 5 Bytes JMP 020326EE

.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[312] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 020327E0

.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[312] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02032726

.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[312] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0203275E

.text C:\WINDOWS\system32\wdfmgr.exe[628] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A72862

.text C:\WINDOWS\system32\wdfmgr.exe[628] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A726EE

.text C:\WINDOWS\system32\wdfmgr.exe[628] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A727E0

.text C:\WINDOWS\system32\wdfmgr.exe[628] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A72726

.text C:\WINDOWS\system32\wdfmgr.exe[628] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A7275E

.text C:\WINDOWS\system32\dla\tfswctrl.exe[728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E72862

.text C:\WINDOWS\system32\dla\tfswctrl.exe[728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E726EE

.text C:\WINDOWS\system32\dla\tfswctrl.exe[728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E727E0

.text C:\WINDOWS\system32\dla\tfswctrl.exe[728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E72726

.text C:\WINDOWS\system32\dla\tfswctrl.exe[728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E7275E

.text C:\Program Files\Dell\Media Experience\PCMService.exe[1304] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 020B2862

.text C:\Program Files\Dell\Media Experience\PCMService.exe[1304] ws2_32.dll!send 71AB4C27 5 Bytes JMP 020B26EE

.text C:\Program Files\Dell\Media Experience\PCMService.exe[1304] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 020B27E0

.text C:\Program Files\Dell\Media Experience\PCMService.exe[1304] ws2_32.dll!recv 71AB676F 5 Bytes JMP 020B2726

.text C:\Program Files\Dell\Media Experience\PCMService.exe[1304] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 020B275E

.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 023A2862

.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!send 71AB4C27 5 Bytes JMP 023A26EE

.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 023A27E0

.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!recv 71AB676F 5 Bytes JMP 023A2726

.text C:\WINDOWS\Explorer.EXE[1592] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 023A275E

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Program Files\Common Files\Command Software\dvpapi.exe[2032] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00692862

.text C:\Program Files\Common Files\Command Software\dvpapi.exe[2032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 006926EE

.text C:\Program Files\Common Files\Command Software\dvpapi.exe[2032] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 006927E0

.text C:\Program Files\Common Files\Command Software\dvpapi.exe[2032] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00692726

.text C:\Program Files\Common Files\Command Software\dvpapi.exe[2032] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0069275E

.text C:\WINDOWS\system32\hkcmd.exe[2056] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D92862

.text C:\WINDOWS\system32\hkcmd.exe[2056] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D926EE

.text C:\WINDOWS\system32\hkcmd.exe[2056] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D927E0

.text C:\WINDOWS\system32\hkcmd.exe[2056] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D92726

.text C:\WINDOWS\system32\hkcmd.exe[2056] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D9275E

.text C:\WINDOWS\system32\igfxpers.exe[2204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D82862

.text C:\WINDOWS\system32\igfxpers.exe[2204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D826EE

.text C:\WINDOWS\system32\igfxpers.exe[2204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D827E0

.text C:\WINDOWS\system32\igfxpers.exe[2204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D82726

.text C:\WINDOWS\system32\igfxpers.exe[2204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D8275E

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2312] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012E2862

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2312] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012E26EE

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2312] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012E27E0

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2312] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012E2726

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2312] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012E275E

.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2364] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00992862

.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009926EE

.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2364] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009927E0

.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2364] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00992726

.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2364] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0099275E

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E42862

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E426EE

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E427E0

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E42726

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E4275E

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2648] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04182862

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2648] WS2_32.dll!send 71AB4C27 5 Bytes JMP 041826EE

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2648] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 041827E0

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2648] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04182726

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2648] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0418275E

.text C:\Documents and Settings\Meera Gill\Desktop\e5h0orde.exe[2932] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01002862

.text C:\Documents and Settings\Meera Gill\Desktop\e5h0orde.exe[2932] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010026EE

.text C:\Documents and Settings\Meera Gill\Desktop\e5h0orde.exe[2932] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010027E0

.text C:\Documents and Settings\Meera Gill\Desktop\e5h0orde.exe[2932] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01002726

.text C:\Documents and Settings\Meera Gill\Desktop\e5h0orde.exe[2932] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0100275E

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3376] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01292862

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3376] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012926EE

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3376] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012927E0

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3376] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01292726

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3376] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0129275E

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[3660] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01092862

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[3660] ws2_32.dll!send 71AB4C27 5 Bytes JMP 010926EE

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[3660] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010927E0

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[3660] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01092726

.text C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe[3660] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0109275E

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]

.text C:\Documents and Settings\Meera Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\WINDOWS\System32\alg.exe[4040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B62862

.text C:\WINDOWS\System32\alg.exe[4040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B626EE

.text C:\WINDOWS\System32\alg.exe[4040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B627E0

.text C:\WINDOWS\System32\alg.exe[4040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B62726

.text C:\WINDOWS\System32\alg.exe[4040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B6275E

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 FF393158

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 FF393158

Device \Driver\atapi \Device\Ide\IdePort0 FF393158

Device \Driver\atapi \Device\Ide\IdePort1 FF393158

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f FF393158

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

gringo_pr, May 4 2010, 10:16 AM, post #244413:

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Please do not run any other tool until instructed to do so!
  2. Please reply to this thread, do not start another!
  3. Please tell me about any problems that have occurred during the fix.
  4. Please tell me of any other symptoms you may be having, as these can help also.
  5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

The ARK report was blank. I would like you to rerun it for me, thanks. Use the settings that I have below.

Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area type in "Gmer.txt", or it will save as a .log file.
  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Please send me the report when complete, or if you have problems, come back here and let me know.

gringo


Hello

Run ComboFix:

  • Please visit this webpage for download links and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Please ensure you read this guide carefully and install the Recovery Console first.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once installed, you should see a blue screen prompt that says:
    "The Recovery Console was successfully installed."

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the report in your next post:

C:\ComboFix.txt

"Information and logs"

In your next post I need the following:
  1. Log from ComboFix
  2. Let me know of any problems you may have had
  3. How is the computer doing now?

Gringo


No problems running ComboFix; searches seem to be running properly.

Thanks for the help. Anything else I need to do?

ComboFix 10-05-04.06 - Meera Gill 05/05/2010 8:45.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.259 [GMT -4:00]

Running from: c:\documents and settings\Meera Gill\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\WindowsUpdate

c:\windows\Fonts\acrsec.fon

c:\windows\system32\logs

.

original MBR restored successfully !

.

((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-02 11:56 . 2010-02-16 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-02 11:05 . 2005-02-22 00:14 -------- d-----w- c:\program files\Dl_cats

2010-04-29 19:39 . 2010-02-16 02:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-02-16 02:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:39 . 2008-04-02 00:34 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\OpenOffice.org2

2010-03-31 10:01 . 2005-02-22 00:05 47116 ----a-w- c:\documents and settings\Meera Gill\Application Data\wklnhst.dat

2010-03-30 20:01 . 2008-09-04 00:06 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\skypePM

2010-03-22 02:07 . 2008-09-04 00:05 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\Skype

2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 13:10 . 2004-08-04 11:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-04 11:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 02:31 . 2008-09-04 00:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-02-14 04:33 . 2010-02-14 04:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-14 04:33 . 2010-02-14 04:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-02-14 04:32 . 2010-02-14 06:41 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-02-14 04:32 . 2010-02-14 06:41 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys

2010-02-14 04:32 . 2010-02-14 06:41 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-02-14 04:32 . 2010-02-14 04:34 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-02-14 04:32 . 2010-02-14 06:41 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-02-14 04:32 . 2010-02-14 06:41 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys

2010-02-14 04:32 . 2010-02-14 04:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-02-14 04:32 . 2010-02-14 04:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-02-12 04:33 . 2004-08-04 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Meera Gill\Start Menu\Programs\Startup\

Seagate 2GHJLLZ3 Product Registration.lnk - c:\documents and settings\Meera Gill\Application Data\Leadertech\PowerRegister\Seagate 2GHJLLZ3 Product Registration.exe [2009-8-8 1731736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Abacast\\Abaclient.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"3246:TCP"= 3246:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"4490:TCP"= 4490:TCP:Services

"8101:TCP"= 8101:TCP:Services

"8100:TCP"= 8100:TCP:Services

"7382:TCP"= 7382:TCP:Services

"7383:TCP"= 7383:TCP:Services

"3368:TCP"= 3368:TCP:Services

"5236:TCP"= 5236:TCP:Services

"7538:TCP"= 7538:TCP:Services

"7539:TCP"= 7539:TCP:Services

"3273:TCP"= 3273:TCP:Services

"5046:TCP"= 5046:TCP:Services

"4117:TCP"= 4117:TCP:Services

"6734:TCP"= 6734:TCP:Services

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [2/14/2010 2:41 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [2/14/2010 2:41 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [2/14/2010 2:41 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [5/3/2010 4:45 PM 329592]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/14/2010 2:41 AM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/3/2010 7:02 PM 102448]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [12/26/2007 3:47 AM 272128]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/25/2005 3:00 PM 547744]

S3 USR;U.S. Robotics Wireless Access 802.11b Driver;c:\windows\SYSTEM32\DRIVERS\USRNDS.sys [4/25/2002 10:43 PM 51712]

.

Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489869351-3332351380-1060126412-1006Core.job

- c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 06:18]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489869351-3332351380-1060126412-1006UA.job

- c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 06:18]

2005-02-21 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Meera Gill\Application Data\Mozilla\Firefox\Profiles\vy60qra0.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-05 08:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

.

Completion time: 2010-05-05 09:03:28

ComboFix-quarantined-files.txt 2010-05-05 13:03

Pre-Run: 5,586,096,128 bytes free

Post-Run: 5,558,554,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 18E4C3F6E3AA8A8CF9963E48626B0FD6


  • Staff

Hello

Looks like you might have a stubborn rootkit on here, let's fix that first

HelpAsst_mebroot_fix

  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
    • helpasst -mbrt
    • Make sure you leave a space between helpasst and -mbrt !
    • When it completes, a log will open.
    • Please post the contents of that log.

*Note*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

  • mbr -f
  • Now, please do the Start>Run>mbr -f command a second time.
  • Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
  • Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.
    • helpasst -mbrt
    • Make sure you leave a space between helpasst and -mbrt !
    • When it completes, a log will open.
    • Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

Gringo


  • Staff

Greetings

check for log

I need to see if it made a log

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

%systemroot%\HelpAsst.log

  • click ok
  • copy and paste the report into this topic for me to review

gringo


It did eventually run, here is the log.

Status check on Thu 05/06/2010 at 0:05:03.95

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x04A7D57E

malicious code @ sector 0x04A7D581 !

PE file found in sector at 0x04A7D597 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~


  • Staff

Hello

That log looks good!

I would like you to update combofix to see if it shows up good also.

update combofix

I would like you to download an updated version of combofix.

  • Delete the version of combofix you have now on your desktop and download a new one from here
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

and I would like to see another report that combofix makes

extra combofix report

I need to see one of the extra reports combofix makes

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

C:\Qoobox\Add-Remove Programs.txt

  • click ok
  • copy and paste the report into this topic for me to review

"information and logs"

  • In your next post I need the following
  1. Let me have the new report from combofix
  2. and the extra report from combofix
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Log and Extra log below. No Problems running the scan.

Computer appears to be acting normally.

Solus

ComboFix 10-05-05.07 - Meera Gill 05/06/2010 6:32.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.197 [GMT -4:00]

Running from: c:\documents and settings\Meera Gill\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))

.

2010-05-06 01:55 . 2010-05-06 01:55 -------- d-----w- C:\HelpAsst_backup

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-02 11:56 . 2010-02-16 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-02 11:54 . 2010-04-04 19:45 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-05-02 11:05 . 2005-02-22 00:14 -------- d-----w- c:\program files\Dl_cats

2010-04-29 19:39 . 2010-02-16 02:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-02-16 02:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:39 . 2008-04-02 00:34 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\OpenOffice.org2

2010-04-28 01:16 . 2008-04-02 00:37 1 ----a-w- c:\documents and settings\Meera Gill\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2010-03-31 10:01 . 2005-02-22 00:05 47116 ----a-w- c:\documents and settings\Meera Gill\Application Data\wklnhst.dat

2010-03-30 20:01 . 2008-09-04 00:06 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\skypePM

2010-03-22 02:07 . 2008-09-04 00:05 -------- d-----w- c:\documents and settings\Meera Gill\Application Data\Skype

2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 13:10 . 2004-08-04 11:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-04 11:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 02:31 . 2008-09-04 00:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-02-14 15:46 . 2010-02-14 15:46 503808 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5226b313-n\msvcp71.dll

2010-02-14 15:46 . 2010-02-14 15:46 348160 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5226b313-n\msvcr71.dll

2010-02-14 15:46 . 2010-02-14 15:46 499712 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5226b313-n\jmc.dll

2010-02-14 15:46 . 2010-02-14 15:46 61440 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cd3da81-n\decora-sse.dll

2010-02-14 15:46 . 2010-02-14 15:46 12800 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cd3da81-n\decora-d3d.dll

2010-02-14 04:33 . 2010-02-14 04:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-14 04:33 . 2010-02-14 04:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-02-14 04:32 . 2010-02-14 06:41 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-02-14 04:32 . 2010-02-14 06:41 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys

2010-02-14 04:32 . 2010-02-14 06:41 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-02-14 04:32 . 2010-02-14 04:34 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-02-14 04:32 . 2010-02-14 06:41 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-02-14 04:32 . 2010-02-14 06:41 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys

2010-02-14 04:32 . 2010-02-14 04:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-02-14 04:32 . 2010-02-14 04:32 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll

2010-02-14 04:32 . 2010-02-14 04:32 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll

2010-02-14 04:32 . 2010-02-14 04:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-02-14 04:32 . 2010-02-14 04:32 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

2010-02-14 04:19 . 2009-11-12 12:14 79488 ----a-w- c:\documents and settings\Meera Gill\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-13 17:06 . 2010-05-06 08:18 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\NAVENG.SYS

2010-02-13 17:06 . 2010-05-06 08:18 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\EECTRL.SYS

2010-02-13 17:06 . 2010-05-06 08:18 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\ECMSVR32.DLL

2010-02-13 17:06 . 2010-05-06 08:18 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\NAVENG32.DLL

2010-02-13 17:06 . 2010-05-06 08:18 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\NAVEX32A.DLL

2010-02-13 17:06 . 2010-05-06 08:18 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\NAVEX15.SYS

2010-02-13 17:06 . 2010-05-06 08:18 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\ERASER.SYS

2010-02-13 17:06 . 2010-05-06 08:18 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100505.048\CCERASER.DLL

2010-02-12 22:41 . 2010-04-25 22:49 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

2010-02-12 04:33 . 2004-08-04 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-05-05_12.54.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-06 04:02 . 2010-05-06 04:02 16384 c:\windows\Temp\Perflib_Perfdata_b8.dat

+ 2010-05-06 04:02 . 2010-05-06 04:02 16384 c:\windows\Temp\Perflib_Perfdata_88.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Meera Gill\Start Menu\Programs\Startup\

Seagate 2GHJLLZ3 Product Registration.lnk - c:\documents and settings\Meera Gill\Application Data\Leadertech\PowerRegister\Seagate 2GHJLLZ3 Product Registration.exe [2009-8-8 1731736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Abacast\\Abaclient.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [2/14/2010 2:41 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [2/14/2010 2:41 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [2/14/2010 2:41 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [5/3/2010 4:45 PM 329592]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/14/2010 2:41 AM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/3/2010 7:02 PM 102448]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [12/26/2007 3:47 AM 272128]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/25/2005 3:00 PM 547744]

S3 USR;U.S. Robotics Wireless Access 802.11b Driver;c:\windows\SYSTEM32\DRIVERS\USRNDS.sys [4/25/2002 10:43 PM 51712]

.

Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489869351-3332351380-1060126412-1006Core.job

- c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 06:18]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489869351-3332351380-1060126412-1006UA.job

- c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-19 06:18]

2005-02-21 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Meera Gill\Application Data\Mozilla\Firefox\Profiles\vy60qra0.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\Meera Gill\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-06 06:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1000)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-05-06 06:49:32

ComboFix-quarantined-files.txt 2010-05-06 10:49

ComboFix2.txt 2010-05-05 13:03

Pre-Run: 5,266,399,232 bytes free

Post-Run: 5,220,392,960 bytes free

- - End Of File - - EBB28D8123B406B127A6EFC70A0D7FD7

Abacast Client

ABBYY FineReader 5.0 Sprint Plus

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.5

Adobe Shockwave Player 11

Adobe


  • Staff

Hello

These logs are looking good. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

remove help assist folders

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

helpasst -cleanup

  • click ok

uninstall some programs

  1. click on start
  2. then go to settings
  3. after that you need control panel
  4. look for the icon add/remove programs

click on the following programs

Adobe Reader 8.1.5

Internet Explorer Default Page

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 2

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java


Kaspersky stalled a couple of times, but otherwise no problems.

Logs below.

Solus

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4073

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/6/2010 8:49:17 PM

mbam-log-2010-05-06 (20-49-17).txt

Scan type: Quick scan

Objects scanned: 125037

Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, May 8, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, May 07, 2010 19:00:52

Records in database: 4084315

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Objects scanned: 217185

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 03:11:19

No threats found. Scanned area is clean.

Selected area has been scanned.


  • Staff

Hello

Very well done!! This is my general post for when your logs show no more signs of malware :) Please let me know if you still are having problems with your computer and what these problems are.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:Uninstall ComboFix:

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

:Make your Internet Explorer more secure:

  • please visit this page that gives instructions to do this
http://surfthenetsafely.com/ieseczone8.htm

:Turn On Automatic Updates:

  • Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".
    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed.
    After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.
    or visit
http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

  • you have a couple of good antispyware programs on this computer but you still can try some of these others to see if you like them also
    I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
    • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
    • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
    • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

please read this great article by miekiemoes How to prevent Malware:

and

this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.

Malware Complaints

If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

Gringo

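The Automatic Updates step above is set through the sysdm.cpl dialog, and nothing in the thread verifies afterwards that the setting took. The script below is an added example, not part of the thread or of any tool the staff post names: it reads the registry value that dialog writes (AUOptions under the WindowsUpdate\Auto Update key, where 4 means download and install on a schedule) and reports what is configured, checking first for a Group Policy value, which overrides the control panel when present. It assumes PowerShell 2.0 or later on Windows XP/7 and read access to HKLM; the key paths and the meaning of the AUOptions values are as documented by Microsoft for the Windows Update Agent.

```powershell
# Added example (not from the original thread): report the Automatic Updates configuration
# that the sysdm.cpl > Automatic Updates tab writes, and say whether it matches the
# recommended "Automatic" setting. Assumes PowerShell 2.0+ on Windows XP/7.

$auKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Documented meaning of the AUOptions value.
$meaning = @{
    1 = 'Automatic Updates disabled'
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically and install on schedule (recommended)'
}

function Get-AUSetting {
    # A local or domain Group Policy setting, if present, wins over the control-panel value.
    if (Test-Path $policyKey) {
        $pol = Get-ItemProperty $policyKey
        if ($pol.NoAutoUpdate -eq 1) { return @{ Source = 'policy'; AUOptions = 1 } }
        if ($pol.AUOptions)          { return @{ Source = 'policy'; AUOptions = [int]$pol.AUOptions } }
    }
    if (Test-Path $auKey) {
        $cp = Get-ItemProperty $auKey
        if ($cp.AUOptions) {
            return @{
                Source    = 'control panel'
                AUOptions = [int]$cp.AUOptions
                Day       = $cp.ScheduledInstallDay    # 0 = every day, 1..7 = Sunday..Saturday
                Time      = $cp.ScheduledInstallTime   # hour of day, 0..23
            }
        }
    }
    return @{ Source = 'none'; AUOptions = 0 }
}

$s = Get-AUSetting
$desc = $meaning[$s.AUOptions]
if (-not $desc) { $desc = 'not configured' }
Write-Host ("Automatic Updates ({0}): AUOptions={1} - {2}" -f $s.Source, $s.AUOptions, $desc)

if ($s.AUOptions -eq 4 -and $s.Day -ne $null) {
    $days = 'every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'
    Write-Host ("Scheduled install: {0} at {1:00}:00" -f $days[$s.Day], $s.Time)
}
if ($s.AUOptions -ne 4) {
    Write-Host 'Not set to Automatic: open sysdm.cpl, Automatic Updates tab, and choose Automatic (recommended).'
}
```

The policy branch is the caveat worth knowing: if the dialog's options are greyed out, a policy value is in control and the fix is there, not in the control panel.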

This topic is now closed to further replies.