catdrvr Posted May 6, 2010

Can't run or open any exe file that I tried to download from your list of files. Every time I get "Application cannot be executed. File is infected" messages. Running Windows XP SP3. Messages also pop up regarding antivirus software alert and popup windows for Windows Security Alert. Thanks for the help.
gringo_pr (Staff) Posted May 6, 2010

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

When the tool is finished, it will produce a report for you.

It's most likely the rogueware is preventing programs as well as our tools from running. The following tool will help running them.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.

There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to get one of them to run, not all of them.

Vista and Win7 users need to right click and choose Run as Admin

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER. If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Gringo
catdrvr (Author) Posted May 7, 2010

Well I just got your message. Thanks. But I had found the link and information in the other forum for handling the Antivirus Soft which is what was showing up. I did those procedures and got malware to run and located/deleted the files. Only problem now is that neither Firefox nor IE8 will load/run.
gringo_pr (Staff) Posted May 7, 2010

Greetings

Send me the logs that I ask for below and I'll look to see if I can see anything that might be able to help. If I don't see anything I will send you over to the tech side.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:
Link1
Link2
Link3

- Please disable any anti-malware program that will block scripts from running before running DDS.
- Double-Click on dds.scr and a command window will appear. This is normal.
- Shortly after two logs will appear: DDS.txt and Attach.txt
- A window will open instructing you to save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both logs & post in your next reply

GMER:

Download GMER Rootkit Scanner from here.
- Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
- Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

Information and logs:

In your next post I need the following
1. logs from DDS
2. log from GMER
3. let me know of any problems you may have had

Gringo
catdrvr (Author) Posted May 9, 2010

GMER has been running for three hours now, is this normal??
gringo_pr (Staff) Posted May 9, 2010

Yes it can be

Gringo
catdrvr (Author) Posted May 10, 2010

here we go:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 20:20:39
Windows 5.1.2600 Service Pack 3
Running: l5brofed.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\kfayqaog.sys

---- System - GMER 1.0.15 ----

SSDT 896D3048 ZwAlertResumeThread
SSDT 896D3128 ZwAlertThread
SSDT 896CAEF8 ZwAllocateVirtualMemory
SSDT 897071A0 ZwAssignProcessToJobObject
SSDT 89972FB0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA89D4210]
SSDT 896A5008 ZwCreateMutant
SSDT 896CB238 ZwCreateSymbolicLinkObject
SSDT 896A5FB0 ZwCreateThread
SSDT 89707008 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA89D4490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA89D49F0]
SSDT 896E7E20 ZwDuplicateObject
SSDT 896A9FC0 ZwFreeVirtualMemory
SSDT 896E2108 ZwImpersonateAnonymousToken
SSDT 896E21E8 ZwImpersonateThread
SSDT 8972B588 ZwLoadDriver
SSDT 896DFCB0 ZwMapViewOfSection
SSDT 896A51A0 ZwOpenEvent
SSDT 896E7FC0 ZwOpenProcess
SSDT 896A5EE8 ZwOpenProcessToken
SSDT 896ED248 ZwOpenSection
SSDT 896E7EF0 ZwOpenThread
SSDT 897070B0 ZwProtectVirtualMemory
SSDT 89712288 ZwResumeThread
SSDT 896E3178 ZwSetContextThread
SSDT 896E3238 ZwSetInformationProcess
SSDT 896ED100 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA89D4C40]
SSDT 896A50C0 ZwSuspendProcess
SSDT 896D3208 ZwSuspendThread
SSDT 8A5EF320 ZwTerminateProcess
SSDT 896E3098 ZwTerminateThread
SSDT 896A9E38 ZwUnmapViewOfSection
SSDT 896CAE28 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D3C 805045D8 4 Bytes CALL 8AD9B3FE ? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2252] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 10:22:43.51 on Sat 05/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1234 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\1.2.2.2\ccSvcHst.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Online\Engine\1.2.2.2\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Paul\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul\Desktop\Defogger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Paul\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\1.2.2.2\coIEPlg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Octoshape Streaming Services] "c:\documents and settings\paul\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\paul\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234299717359
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\uz387w4r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/today/Cadyville+NY+12918?lswe=12918&from=searchbox_localwx
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\norton\{78ca3bf0-9c3b-40e1-b46d-38c877ef059a}\nsm_1.2.0.39\ffplugin\components\coFFFw.dll
FF - plugin: c:\documents and settings\paul\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2009-2-11 18208]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-9 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-7 329592]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-9 117640]
R2 NOF;Norton Online;c:\program files\norton online\engine\1.2.2.2\ccSvcHst.exe [2010-4-1 126392]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-2-28 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-9 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-10 110080]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.038\NAVENG.SYS [2010-5-8 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100507.038\NAVEX15.SYS [2010-5-8 1324720]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0102020.002\symrdr.sys [2010-4-1 237360]
S4 gupdate1c9a3511b462992;Google Update Service (gupdate1c9a3511b462992);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]

=============== Created Last 30 ================

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-09 19:07:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2006-06-24 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2010-01-24 17:03:39 203776 --sh--w- c:\windows\system32\unrar.exe

============= FINISH: 10:22:59.40 ===============
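An added example, not part of the thread and not code from DDS, GMER or any other tool named in it: a small Python triage pass over constructed lines in the DDS report format shown above. It flags three patterns worth a second look in such a log, each of which also appears in the real log above: a ProxyServer entry pointing at the local machine (127.0.0.1:5555), autorun entries launched from a user profile directory, and an executable under system32 carrying the hidden and system attributes (the `--sh--w-` unrar.exe line). The sample report, the `qxzplm.exe` name and the `Finding` type are constructed for the example.

```python
"""Triage pass over a DDS-style report (added example; not the thread's log or tool output)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the DDS "Pseudo HJT Report" / "Find3M" layout.
# "qxzplm" is an invented name standing in for a randomly named autorun entry.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.example.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Updater] "c:\documents and settings\user\local settings\application data\qxzplm\qxzplm.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
==================== Find3M ====================
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-01-24 17:03:39 203776 --sh--w- c:\windows\system32\unrar.exe
"""

# A proxy host of 127.0.0.1 or localhost, optionally with a port, after '=', ';' or whitespace.
LOOPBACK = re.compile(r"(?:^|[=;\s])(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)
# uRun / mRun / mRunOnce lines: "uRun: [name] command".
RUN_ENTRY = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
# Find3M / Created Last 30 lines: "date time size attributes path".
FILE_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$", re.I
)
# Directories under a user profile from which an autorun entry deserves a look.
USER_PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str    # short category tag
    detail: str  # the value that triggered the finding
    line: str    # the report line it came from


def triage_dds(report: str) -> List[Finding]:
    """Return the suspicious entries found in a DDS-style report, in report order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        low = line.lower()

        # 1. A proxy pointing back at the machine itself: browser traffic is being
        #    routed through a local process rather than straight to the network.
        if low.startswith("uinternet settings,proxyserver") and LOOPBACK.search(line):
            findings.append(Finding("loopback-proxy", line.split("=", 1)[1].strip(), line))
            continue

        # 2. Autorun entries whose program lives inside a user profile directory.
        m = RUN_ENTRY.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(d in cmd for d in USER_PROFILE_DIRS):
                findings.append(Finding("autorun-from-profile", m.group("name"), line))
            continue

        # 3. Executables under system32 marked hidden (h) and system (s).
        m = FILE_ENTRY.match(line)
        if m:
            attr, path = m.group("attr").lower(), m.group("path").lower()
            if "s" in attr and "h" in attr and "\\system32\\" in path and path.endswith(".exe"):
                findings.append(Finding("hidden-system32-exe", path, line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Matches are hints for review, not verdicts: the autorun check also catches legitimate software that installs into Application Data, such as the Octoshape entry in the log above.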
gringo_pr (Staff) Posted May 10, 2010

Hello, please do the following and let me know if your issues have been corrected.

Scan with exeHelper:

Please download exeHelper to your desktop.
- Double-click on exeHelper.com to run the fix.
- A black window should pop up, press any key to close once the fix is completed.
- Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:
C:\ComboFix.txt

"information and logs"

In your next post I need the following
- Log from Combofix
- let me know of any problems you may have had
- How is the computer doing now?

Gringo
catdrvr (Author) Posted May 10, 2010

Internet is back but everything seems a bit slower than normal. I've included the ComboFix file below. Thanks for everything so far. Really appreciate it.

ComboFix 10-05-09.06 - Paul 05/10/2010 9:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1250 [GMT -4:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Paul\Application Data\0200000079131832741C.manifest
c:\documents and settings\Paul\Application Data\0200000079131832741O.manifest
c:\documents and settings\Paul\Application Data\0200000079131832741P.manifest
c:\documents and settings\Paul\Application Data\0200000079131832741S.manifest
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\29358.exe
c:\windows\system32\374084953
c:\windows\system32\6334.exe
c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-07 14:48 . 2010-05-07 14:48 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-05-06 13:15 . 2010-05-06 16:09 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\alrnncany
2010-04-14 15:41 . 2010-04-14 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 14:50 . 2010-03-31 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 13:42 . 2009-03-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-29 19:39 . 2010-03-31 13:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-31 13:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 15:43 . 2009-03-12 20:27 -------- d-----w- c:\program files\Google
2010-03-31 10:05 . 2009-11-11 23:14 -------- d-----w- c:\documents and settings\Paul\Application Data\LimeWire
2010-03-25 16:13 . 2010-02-10 14:19 -------- d-----w- c:\program files\OffenderWatch
2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:13 . 2009-02-15 20:05 71960 ----a-w- c:\documents and settings\Paul\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-03-02 16:13 . 2010-03-02 16:13 38784 ----a-w- c:\documents and settings\Paul\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-02 16:13 . 2010-03-02 16:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:19 . 2010-03-07 18:14 71960 ----a-w- c:\documents and settings\Paul\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
2010-02-17 16:19 . 2010-03-07 18:14 420352 ----a-w- c:\documents and settings\Paul\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll
2010-02-17 16:19 . 2010-03-07 18:14 124184 ----a-w- c:\documents and settings\Paul\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-apoctoshape.dll
2010-02-16 14:08 . 2006-02-28 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 20:55 . 2010-03-02 16:14 785776 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF_1.2.0.53\coFFFW\components\coFFFw.DLL
2010-02-11 20:55 . 2010-02-09 22:37 785776 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.39\FFPlugin\components\coFFFw.dll
2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-09 22:50 . 2009-12-01 03:50 79488 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-09 21:14 . 2010-02-09 21:14 0 ----a-w- c:\windows\nsreg.dat
2010-02-09 19:07 . 2009-12-30 15:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-09 19:07 . 2009-12-30 15:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 19:07 . 2010-02-09 19:07 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\Paul\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Paul\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2/11/2009 1:02 PM 18208]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/9/2010 7:02 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/9/2010 7:02 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/9/2010 7:02 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [5/7/2010 4:52 PM 329592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/9/2010 7:02 PM 117640]
R2 NOF;Norton Online;c:\program files\Norton Online\Engine\1.2.2.2\ccSvcHst.exe [4/1/2010 4:08 PM 126392]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2/28/2006 8:00 AM 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2010 4:45 AM 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/10/2009 4:48 PM 110080]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1562096]
S2 gupdate1c9a3511b462992;Google Update Service (gupdate1c9a3511b462992);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 4:28 PM 133104]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\NSM\0102020.002\symrdr.sys [4/1/2010 4:08 PM 237360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 15:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
- c:\program files\Norton Online\AddOns\Norton Safety Minder\Engine\1.2.2.2\TampMon.exe [2010-04-01 19:09]

2010-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 01:53]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 20:28]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 20:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\uz387w4r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/today/Cadyville+NY+12918?lswe=12918&from=searchbox_localwx
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.39\FFPlugin\components\coFFFw.dll
FF - plugin: c:\documents and settings\Paul\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);.- - - - ORPHANS REMOVED - - - -HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exeHKLM-Run-NWEReboot - (no file)HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exeAddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE**************************************************************************scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: **************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"--[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]"ImagePath"="\"c:\program files\Norton Online\Engine\1.2.2.2\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\1.2.2.2\diMaster.dll\" /prefetch:1".Completion time: 2010-05-10 09:27:47ComboFix-quarantined-files.txt 2010-05-10 13:27Pre-Run: 312,241,836,032 bytes freePost-Run: 312,471,179,264 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 288970B6106522DF6ED2DDFA8A7F6564 Link to post Share on other sites More sharing options...
gringo_pr (Staff) Posted May 10, 2010, ID:247825

Greetings, that is good news.

Run CFScript:
Open Notepad and copy/paste the text in the box into the window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
SkipFix::

Save it to your desktop as CFScript.txt.
Referring to the picture above, drag CFScript.txt into ComboFix.exe. This will let ComboFix run again. Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
NOTE** When ComboFix finishes running, the ComboFix log will open along with a message box -- do not be alarmed. With the above script, ComboFix will upload files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.

Extra ComboFix report:
I need to see one of the extra reports ComboFix makes.
Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
Click OK.
Copy and paste the report into this topic for me to review.

Malwarebytes' Anti-Malware:
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply. If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

"Information and logs"
In your next post I need the following:
- report from ComboFix
- extra report from ComboFix
- report from MBAM
Let me know of any problems you may have had.
How is the computer doing now?
Gringo
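Three lines in the ComboFix log posted earlier are the ones a responder should pick out of any log of this kind: the Internet Explorer ProxyServer value pointing at 127.0.0.1:5555, "AntiVirusOverride"=dword:00000001 under the Security Center key, and "EnableFirewall"= 0 for the standard firewall profile. The CFScript above clears only the proxy entry, which is the right priority: a loopback proxy only works while a process on the machine is listening on that port, so once the rogue is killed or removed, a browser still configured to use it cannot reach anything, while mail clients that do not use the IE proxy keep working. The other two values are reported by ComboFix because they weaken the Windows defaults, but a third-party suite with its own firewall (Norton 360 is installed on this machine) commonly sets them, so they need a human decision rather than an automatic fix. The following script is an added example and not part of this thread, of ComboFix or of Malwarebytes; it pulls those three indicators out of ComboFix-style text. The sample lines are copied from the log above plus one benign Run entry from the same log, and the regular expressions and function names are my own.

```python
import re

# Constructed sample: the first six lines are copied from the ComboFix log
# posted in this thread; the last line is a benign Run entry from the same
# log so the triage has something to leave alone. Backslashes are doubled
# only because this is a Python string literal.
SAMPLE_LOG = (
    "uStart Page = hxxp://www.cnn.com/\n"
    "uInternet Settings,ProxyServer = http=127.0.0.1:5555\n"
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
    "\"AntiVirusOverride\"=dword:00000001\n"
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]\n"
    "\"EnableFirewall\"= 0 (0x0)\n"
    "\"Adobe ARM\"=\"c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\" [2010-03-24 952768]\n"
)

# ComboFix prints the IE ProxyServer value on a "uInternet Settings" line.
# It does not print ProxyEnable, so the value itself is all we can judge.
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
# dword:0*1 matches exactly 1 (any number of leading zeros), not 10, 11, ...
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b', re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b', re.IGNORECASE)


def parse_proxy(value):
    """Parse an IE ProxyServer value into {scheme: (host, port)}.

    IE stores either a single "host:port" used for every protocol (keyed
    here as "*") or a per-protocol list such as "http=h:p;https=h:p".
    """
    proxies = {}
    for part in value.split(";"):
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare host:port form
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        proxies[scheme.lower()] = (host, port)
    return proxies


def is_loopback_proxy(value):
    """True if any configured proxy points back at this machine."""
    for host, _port in parse_proxy(value).values():
        h = host.lower()
        if h in ("localhost", "[::1]", "::1") or h.startswith("127."):
            return True
    return False


def triage(log_text):
    """Scan ComboFix-style output and return (indicator, detail) findings."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            value = m.group("value")
            if is_loopback_proxy(value):
                findings.append(("loopback proxy", value))
        elif AV_OVERRIDE_RE.search(line):
            findings.append(("Security Center AV alerts suppressed", line.strip()))
        elif FIREWALL_OFF_RE.search(line):
            findings.append(("Windows Firewall disabled (standard profile)", line.strip()))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator}: {detail}")
```

A corporate proxy such as proxy.corp.example:8080 is parsed but not reported; only a proxy that resolves to the machine itself is flagged, because that is the pattern a rogue uses to intercept the browser. Run it against a whole ComboFix log (for example `triage(open("ComboFix.txt").read())`) rather than the sample to get the findings for a real machine.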
catdrvr (Author) Posted May 10, 2010, ID:247871

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11
Apple Mobile Device Support
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.6
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Content Transfer
Critical Update for Windows Media Player 11 (KB959772)
DiskeeperWorkstation
Express Gate
forteManager
Garmin City Navigator North America NT 2009.11 Update
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Java 6 Update 12
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Labeler
LimeWire 5.4.7
LiveUpdate 3.2 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Manual for Police of New York State
MasterCook 5: Deluxe Edition
Media Manager for WALKMAN 1.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works 6-9 Converter
Mozilla Firefox (3.6.3)
Mp3tag v2.44
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Norton 360
Norton Ghost
Norton Online
Norton Safety Minder
Octoshape Streaming Services
OffenderWatch 2.10 XP
Paragon Hard Disk Manager 6.0 Professional
PowerDVD
Quicken 2009
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Skype web features
Skype
gringo_pr (Staff) Posted May 10, 2010, ID:247876

Greetings

Your Java is out of date. It can be updated by the Java control panel:
- Click on Start -> Control Panel (Classic View) -> Java (looks like a coffee cup) -> Update Tab -> Update Now.
- An update should begin; follow the prompts.
- After the update is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button.
- There are two options in the window to clear the cache. Leave BOTH checked: Applications and Applets; Trace and Log Files.
- Click OK on the Delete Temporary Files window. Note: This deletes ALL the downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files window.
- Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):
Please download TFC to your desktop. Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply. If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Kaspersky scan:
- Please go to the Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on the Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs; Archives; Mail databases.
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.

"Information and logs"
In your next post I need the following:
- Log from MBAM
- Log from Kaspersky
Let me know of any problems you may have had.
How is the computer doing now?
Gringo
gringo_pr (Staff) Posted May 13, 2010, ID:249489

Hello, three day bump.
It has been three days since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 24 hrs you have not replied to this thread then it will have to be closed!
Gringo
catdrvr (Author) Posted May 14, 2010, ID:249860

I've had trouble with the Kaspersky scanner but I think I've got it. Every time it ran I couldn't find a report and it would close before I could generate the report.
gringo_pr (Staff) Posted May 14, 2010, ID:249988

Greetings

If you keep having trouble then try this one.
Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
- Turn off the real time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- When asked, allow the ActiveX control to install.
- Click Start.
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan.
- Wait for the scan to finish.
- Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
gringo
catdrvr (Author) Posted May 16, 2010, ID:251018

Now I'm back to no browser. I click on either IE8 or Firefox and nothing loads. I have email but no web again.
gringo_pr (Staff) Posted May 16, 2010, ID:251043

Ok, make me a new DDS and GMER scan and let's see what happened.
Gringo
gringo_pr (Staff) Posted May 20, 2010, ID:253249

Hello, three day bump.
It has been three days since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48 hrs you have not replied to this thread then it will have to be closed!
Gringo
AdvancedSetup (Root Admin) Posted May 24, 2010, ID:255133

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.