Computer Tries to Access Websites when it is idle


I have MalwareBytes installed and norton security suite. I had a rootkit removed before I had installed MalwareBytes.

Every now and then I get a message on the security tray that MalwareBytes blocked access to a website. So this leads me to believe that there is still some problem with my computer.

All of my scans are clean (MalwareBytes and Norton).

Any suggestions?


Hello ,

And welcome! My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Hi, I'm sorry for my second post :)

Somehow I must have misposted it.

If GMER gives you trouble, please try to run it with the Sections option checked only.

Here are all of the files that you requested. I was only able to run GMER with the Sections option checked.

OTL Extras logfile created on: 5/30/2010 1:38:19 PM - Run 1

OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\Alan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 330.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 108.57 Gb Total Space | 56.12 Gb Free Space | 51.69% Space Free | Partition Type: NTFS

Drive D: | 36.03 Gb Total Space | 0.17 Gb Free Space | 0.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 931.51 Gb Total Space | 313.47 Gb Free Space | 33.65% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: OWNER-8A9DF43DB

Current User Name: Alan

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)

http [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service

"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"H:\Luke\Combat Arms\CombatArms.exe" = H:\Luke\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found

"H:\Luke\Combat Arms\Engine.exe" = H:\Luke\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
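The OTL Extras output above records the Windows Firewall policy in a regular `[key]` / `"name" = data` layout, so the lines a reviewer checks first (a profile with `EnableFirewall` = 0, application exceptions whose executable OTL marks as `File not found`, and globally opened ports with their scope) can be pulled out mechanically instead of by eye. The Python triage script below is an added example for readers of this thread, not a tool from the forum, from OTL's author or from any poster here; the sample text embedded in it is copied from the firewall-policy lines of the log posted above (a few entries only), and the finding categories and their names (`firewall_disabled`, `open_port`, `enabled_exception`, `orphaned_exception`) are this example's own choice. It only reads log text and changes nothing on the machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: firewall-policy lines copied from the OTL Extras log posted above
# (only a handful of entries, so the example stays short).
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"H:\Luke\Combat Arms\CombatArms.exe" = H:\Luke\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Splits a FirewallPolicy key into the profile name and whatever subkey follows it.
PROFILE_RE = re.compile(r'FirewallPolicy\\(?P<profile>[A-Za-z]+Profile)(?P<rest>(?:\\[^\\]+)*)$')


@dataclass
class Finding:
    kind: str      # firewall_disabled | open_port | enabled_exception | orphaned_exception
    profile: str   # StandardProfile (not domain-joined) or DomainProfile
    detail: str


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Turn OTL's '[key]' / '"name" = data' lines into {key: {name: data}}.

    Section banners ('==========') and blank lines are skipped; a value line
    that appears before any key is ignored.
    """
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('=========='):
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group('key')
            entries.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            entries[current][value.group('name')] = value.group('data').strip()
    return entries


def review_firewall(entries: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag the firewall-policy facts a reviewer checks first."""
    findings: List[Finding] = []
    for key, values in entries.items():
        m = PROFILE_RE.search(key)
        if not m:
            continue  # not a FirewallPolicy key (e.g. the Security Center settings)
        profile, rest = m.group('profile'), m.group('rest')
        if rest == '':
            # The profile key itself carries the on/off switch.
            if values.get('EnableFirewall') == '0':
                findings.append(Finding('firewall_disabled', profile, 'EnableFirewall = 0'))
        elif rest.endswith(r'\AuthorizedApplications\List'):
            for path, data in values.items():
                if data.endswith('-- File not found'):
                    # OTL appends this marker when the excepted executable no longer exists.
                    findings.append(Finding('orphaned_exception', profile, path))
                elif ':Enabled' in data:
                    findings.append(Finding('enabled_exception', profile, path))
        elif rest.endswith(r'\GloballyOpenPorts\List'):
            for port, data in values.items():
                fields = data.split(':')  # port:proto:scope:state:description
                scope = fields[2] if len(fields) > 2 else 'unknown scope'
                findings.append(Finding('open_port', profile, f'{port} ({scope})'))
    return findings


def triage(text: str) -> List[Finding]:
    """Parse an OTL Extras log and return the firewall findings in log order."""
    return review_firewall(parse_otl_registry(text))


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL):
        print(f'{f.kind:<20} {f.profile:<16} {f.detail}')
```

Run against the full Extra.txt, `triage` lists every profile whose firewall is off, every port opened to the local subnet and every application exception, with the orphaned ones separated out; on the sample above it reports the StandardProfile firewall as disabled, two open ports, the missing CombatArms.exe exception and the enabled uTorrent exception. Orphaned exceptions are flagged separately because they are stale policy rather than an active hole, but they still tell you which programs once had unrestricted inbound access.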


Hi there,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

(screenshot: ComboFix's Recovery Console installation prompt)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: Recovery Console installed successfully message)

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Here it is

ComboFix 10-06-02.02 - Alan 06/02/2010 22:19:11.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.363 [GMT -5:00]

Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Alan\Application Data\.#

c:\documents and settings\Alan\g2mdlhlpx.exe

c:\documents and settings\Alan\GoToAssistDownloadHelper.exe

c:\windows\system32\ChilkatMail_v7_9.dll

c:\windows\system32\Ijl11.dll

c:\windows\system32\Vb40032.dll

.

((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))

.

2010-05-14 14:23 . 2010-05-14 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-05-14 14:23 . 2010-05-14 14:23 -------- d-----w- c:\program files\Symantec

2010-05-14 14:23 . 2010-05-14 14:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-14 14:23 . 2010-05-14 14:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-14 14:22 . 2010-06-02 21:58 -------- d-----w- c:\windows\system32\drivers\N360

2010-05-14 14:22 . 2010-05-14 14:22 -------- d-----w- c:\program files\Norton Security Suite

2010-05-14 14:22 . 2010-05-14 14:22 -------- d-----w- c:\program files\Windows Sidebar

2010-05-14 14:21 . 2010-05-14 14:21 -------- d-----w- c:\program files\NortonInstaller

2010-05-14 14:21 . 2010-05-14 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-05-14 14:08 . 2010-05-14 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-04 18:55 . 2010-05-04 18:55 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-04 13:23 . 2010-05-04 13:23 -------- d-----w- c:\program files\iPod

2010-05-04 13:23 . 2010-05-04 13:25 -------- d-----w- c:\program files\iTunes

2010-05-04 13:12 . 2010-05-04 13:12 -------- d-----w- c:\program files\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-03 03:14 . 2009-05-27 15:03 -------- d-----w- c:\documents and settings\Alan\Application Data\OpenOffice.org2

2010-06-02 21:52 . 2009-04-24 17:27 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype

2010-06-02 21:04 . 2009-04-24 18:06 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM

2010-06-02 19:44 . 2008-01-04 19:38 -------- d-----w- c:\program files\LogMeIn

2010-05-25 09:50 . 2010-05-25 09:50 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5abb4cdf-n\msvcp71.dll

2010-05-25 09:50 . 2010-05-25 09:50 12800 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-651b2d18-n\decora-d3d.dll

2010-05-25 09:50 . 2010-05-25 09:50 61440 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-651b2d18-n\decora-sse.dll

2010-05-25 09:50 . 2010-05-25 09:50 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5abb4cdf-n\jmc.dll

2010-05-25 09:50 . 2010-05-25 09:50 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5abb4cdf-n\msvcr71.dll

2010-05-25 09:50 . 2010-02-02 17:50 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-18 09:50 . 2010-05-18 09:50 61440 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28e52725-n\decora-sse.dll

2010-05-18 09:50 . 2010-05-18 09:50 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d239f46-n\msvcp71.dll

2010-05-18 09:50 . 2010-05-18 09:50 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d239f46-n\jmc.dll

2010-05-18 09:50 . 2010-05-18 09:50 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d239f46-n\msvcr71.dll

2010-05-18 09:50 . 2010-05-18 09:50 12800 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28e52725-n\decora-d3d.dll

2010-05-14 14:23 . 2010-05-14 14:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-14 14:23 . 2010-05-14 14:23 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-14 14:20 . 2009-02-21 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-05-14 14:20 . 2009-02-21 02:06 -------- d-----w- c:\program files\McAfee

2010-05-12 16:21 . 2009-10-03 02:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 18:57 . 2007-12-30 17:11 -------- d-----w- c:\program files\Common Files\Java

2010-05-04 13:23 . 2008-03-25 01:58 -------- d-----w- c:\program files\Common Files\Apple

2010-05-04 13:10 . 2010-05-04 13:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

2010-05-03 20:58 . 2010-05-03 20:58 135030 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

2010-04-18 15:22 . 2010-04-18 15:22 -------- d-----w- c:\program files\Common Files\Skype

2010-04-14 13:20 . 2010-04-14 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-14 13:07 . 2009-06-03 13:17 -------- d-----w- c:\program files\QuickTime

2010-04-13 20:59 . 2010-04-13 20:54 188128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2010-04-13 20:58 . 2010-04-13 20:50 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2010-04-13 20:50 . 2010-04-13 20:50 -------- d-----w- c:\program files\Microsoft Help Viewer

2010-04-13 20:30 . 2008-03-05 00:57 -------- d-----w- c:\program files\uTorrent

2010-04-13 19:42 . 2009-05-23 12:42 -------- d-----w- c:\program files\Microsoft.NET

2010-04-13 18:20 . 2010-04-13 18:20 -------- d-----w- c:\program files\MySQL

2010-04-13 18:20 . 2010-04-13 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL

2010-04-13 18:05 . 2010-04-13 18:05 -------- d-----w- c:\program files\Microsoft

2010-04-09 12:17 . 2008-09-29 01:52 -------- d-----w- c:\documents and settings\Alan\Application Data\uTorrent

2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-03-29 20:24 . 2009-10-28 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 20:24 . 2009-10-28 13:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-18 21:47 . 2010-03-18 21:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll

2010-03-18 18:16 . 2010-03-18 18:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll

2010-03-18 18:16 . 2010-03-18 18:16 70472 ----a-w- c:\windows\system32\dxva2.dll

2010-03-18 18:16 . 2010-03-18 18:16 486216 ----a-w- c:\windows\system32\evr.dll

2010-03-18 15:09 . 2010-03-18 15:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-18 15:09 . 2010-03-18 15:09 49488 ----a-w- c:\windows\system32\netfxperf.dll

2010-03-18 15:09 . 2010-03-18 15:09 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-03-18 15:09 . 2010-03-18 15:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-03-18 14:15 . 2010-03-18 14:15 80720 ----a-w- c:\windows\system32\mfcm100u.dll

2010-03-18 14:15 . 2010-03-18 14:15 80208 ----a-w- c:\windows\system32\mfcm100.dll

2010-03-18 14:15 . 2010-03-18 14:15 770384 ----a-w- c:\windows\system32\msvcr100.dll

2010-03-18 14:15 . 2010-03-18 14:15 4368720 ----a-w- c:\windows\system32\mfc100u.dll

2010-03-18 14:15 . 2010-03-18 14:15 4342088 ----a-w- c:\windows\system32\mfc100.dll

2010-03-18 14:15 . 2010-03-18 14:15 421200 ----a-w- c:\windows\system32\msvcp100.dll

2010-03-18 14:15 . 2010-03-18 14:15 138056 ----a-w- c:\windows\system32\atl100.dll

2010-03-17 14:46 . 2010-03-17 14:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2009-01-18 19:26 . 2009-01-18 19:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]

"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2009-07-16 510416]

"Google Update"="c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]

"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-09 25600]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\Alan\Start Menu\Programs\Startup\

Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2010-4-12 194775]

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

WinAutomation Agent.lnk - c:\program files\Softomotive\WinAutomation\WinAutomation.DIAgent.exe [2008-3-8 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 17:32 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]

path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk

backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]

path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk

backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Macro Express 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Macro Express 3.lnk

backup=c:\windows\pss\Macro Express 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMCWUSB-G 802.11g Wireless USB Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMCWUSB-G 802.11g Wireless USB Utility.lnk

backup=c:\windows\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2008-09-09 22:22 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-16 09:14 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2004-11-12 03:00 864256 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 15:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-03-02 17:00 18944 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-01-18 19:26 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2004-04-14 20:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2007-08-03 21:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-09-09 22:22 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 08:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

2004-11-11 22:14 49152 ----a-w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-04-08 07:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-04 01:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 4:47 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 4:47 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 12:44 PM 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 4:47 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 4:47 PM 116784]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/28/2009 8:39 AM 303952]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 4:46 PM 126392]

R2 WinAutomation Service;WinAutomation Service;c:\program files\Softomotive\WinAutomation\WinAutomation.ServiceAgent.exe [3/8/2008 8:14 PM 69632]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2010 11:49 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 2:33 PM 331640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/28/2009 8:39 AM 20824]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 9:18 AM 135664]

S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [6/9/2009 12:09 PM 68096]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/18/2009 2:24 PM 29744]

S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [10/30/2007 8:34 PM 408064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

.

Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:18]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:18]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1078145449-725345543-1004Core.job

- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-03 13:45]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1078145449-725345543-1004UA.job

- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-03 13:45]

2010-06-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{8DD537AD-172F-47C0-B1CF-E4EA7D9E478C}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: jjc.edu\icampus

Trusted Zone: mcafee.com

FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\rye5dr0w.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmirage.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-02 22:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2010-06-02 22:36:18

ComboFix-quarantined-files.txt 2010-06-03 03:36

ComboFix2.txt 2009-10-27 17:47

Pre-Run: 60,472,057,856 bytes free

Post-Run: 60,433,952,768 bytes free

- - End Of File - - 2AB688BD7FEF6B17895F7AC285B3E661

Link to post
Share on other sites
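The ComboFix log above is read by eye by the helper. As an added example for this thread (not part of the original posts and not ComboFix's own code), the Python below pulls out of a ComboFix-style excerpt the points a responder checks first: whether the Windows Firewall standard profile is enabled, which third-party programs hold firewall exceptions, which services run from outside c:\windows and c:\program files, and which DLLs are loaded into winlogon.exe. The sample excerpt is constructed in ComboFix's layout from the kinds of lines shown above. The flagged items are review points, not verdicts: Norton legitimately runs definition drivers from All Users\Application Data, and LogMeIn installs the winlogon DLLs listed here.

```python
"""Pull first-look exposure indicators out of a ComboFix-style log excerpt.

Added example for this thread; it is not ComboFix's code. SAMPLE_LOG is a
constructed excerpt in ComboFix's layout (paths mirror the thread's log).
"""
import re

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/28/2009 8:39 AM 303952]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [6/9/2009 12:09 PM 68096]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-06-02 22:36:18
"""

# "R2 Name;Display;path [date size]" -> state, start type, name, display, path
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[")
AUTH_APP_RE = re.compile(r'^"(.+)"=$')            # one firewall exception entry
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# Service images outside these trees get a second look.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")


def triage(log_text):
    firewall_enabled = None
    authorized_apps = []     # third-party programs with firewall exceptions
    odd_services = []        # (name, path) for images outside STANDARD_DIRS
    winlogon_dlls = []       # DLLs mapped into winlogon.exe
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = "auth" if line.lower().endswith("authorizedapplications\\list]") else "reg"
            continue
        if line.startswith("- - - - - - - >"):
            section = "winlogon" if "'winlogon.exe'" in line else "proc"
            continue
        if line == ".":
            section = None
            continue
        m = FIREWALL_RE.match(line)
        if m:
            firewall_enabled = m.group(1) != "0"
            continue
        if section == "auth":
            m = AUTH_APP_RE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")   # the export doubles backslashes
                if not path.lower().startswith("%windir%"):
                    authorized_apps.append(path)
                continue
            section = None                                # exception list has ended
        if section == "winlogon" and line.lower().endswith(".dll"):
            winlogon_dlls.append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group(3), m.group(5)
            if not path.lower().startswith(STANDARD_DIRS):
                odd_services.append((name, path))
    return {
        "firewall_enabled": firewall_enabled,
        "authorized_apps": authorized_apps,
        "services_outside_standard_dirs": odd_services,
        "winlogon_dlls": winlogon_dlls,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full ComboFix log by reading the file into triage(); the firewall-disabled result and the uTorrent/mIRC exceptions are the kind of exposure that makes an idle machine's outbound connections worth explaining even when the scanners come back clean.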

At this point, do you still get the MBAM pop ups?

I thought that it was fixed because I didn't see any pop ups for awhile BUT this morning I noticed that MalwareBytes blocked one.

So it looks like when the computer was idle it tried to access the website

Link to post
Share on other sites

Could you please give me the exact message of the pop up?

Also, how are you connected to the internet? If you are using a router, please reset it (malware often alters router settings).

This is the message.

successfully blocked access to potentially malicious website:

204.188.212.27

although there were a few websites that were blocked, all with the same message, just a different IP address.

I unplugged the router for about 2 minutes and then reconnected to the internet

and had the same issue.

Link to post
Share on other sites

Hello again, please follow the steps below.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
rem Collect adapter, DNS, reachability and routing details in one log file.
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
rem Open the log for copying, then delete this batch file.
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click test.bat on the desktop.

Notepad opens; copy and paste its content (Log1.txt) into your reply.

Link to post
Share on other sites

I do not have a network connection in my system tray. :)

Looking on Google I see that this is a pretty common occurrence... So I tried a couple of methods that were suggested, and no luck.

right click system tray > uncheck hide inactive

Link to post
Share on other sites

In that case, please click Start > Control Panel, double click on Network Connections and right click on your connection there.

WOW that was quick! Thanks

Here it is

Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-8a9df43db

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : chn.comcast.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : chn.comcast.net

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-13-72-0C-25-D7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 68.87.72.130

68.87.77.130

Lease Obtained. . . . . . . . . . : Monday, June 07, 2010 9:05:32 AM

Lease Expires . . . . . . . . . . : Monday, June 07, 2010 10:05:32 AM

Server: nrcns.area4.il.chicago.comcast.net

Address: 68.87.72.130

Name: google.com

Addresses: 74.125.95.104, 74.125.95.99, 74.125.95.147, 74.125.95.106

74.125.95.103, 74.125.95.105

Server: nrcns.area4.il.chicago.comcast.net

Address: 68.87.72.130

Name: yahoo.com

Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56

209.191.122.70

Pinging google.com [209.85.225.106] with 32 bytes of data:

Reply from 209.85.225.106: bytes=32 time=33ms TTL=54

Reply from 209.85.225.106: bytes=32 time=22ms TTL=54

Ping statistics for 209.85.225.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 33ms, Average = 27ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=51ms TTL=52

Reply from 209.191.122.70: bytes=32 time=49ms TTL=52

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 51ms, Average = 50ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 13 72 0c 25 d7 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 192.168.0.4 192.168.0.4 20

192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 20

192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 20

224.0.0.0 240.0.0.0 192.168.0.4 192.168.0.4 20

255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1

Default Gateway: 192.168.0.1

===========================================================================

Persistent Routes:

None

Link to post
Share on other sites
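Once Log1.txt is in hand, the checks worth making on it are mechanical: is the adapter on DHCP, are the resolvers the ones the ISP or router handed out, is the default gateway on the local subnet and the same one the route table uses, and are there persistent routes. The Python script below is an added example for this thread, not the helper's tooling. It parses output in the XP ipconfig /all and route print layout (with ipconfig's native indentation, which the paste above lost) and runs on two constructed samples: one mirroring the clean output above and one altered to look like the result of a DNS changer. EXPECTED_RESOLVERS is an assumption taken from the addresses in the thread; 203.0.113.53 is a documentation address standing in for a rogue resolver, not a real one.

```python
"""Check a Log1.txt-style capture for a tampered network configuration.

Added example for this thread, not the helper's tooling. Samples are
constructed in the XP ipconfig /all and route print layout.
"""
import ipaddress
import re

# Assumption: the ISP resolver pair seen in the thread is what this host should use.
EXPECTED_RESOLVERS = {"68.87.72.130", "68.87.77.130"}
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*: ?(.*)$")   # "Key . . . : value"
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

GOOD_SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 68.87.72.130
                                            68.87.77.130

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.4      20
      192.168.0.0    255.255.255.0      192.168.0.4     192.168.0.4      20
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
"""

# Constructed "after tampering" variant: static addressing, a resolver the
# operator never configured (203.0.113.53 is a documentation address) and a
# persistent route.
TAMPERED_SAMPLE = (
    re.sub(r"68\.87\.72\.130\n\s+68\.87\.77\.130", "203.0.113.53", GOOD_SAMPLE)
    .replace(": Yes", ": No")
    .replace("  None", "Network Address          Netmask  Gateway Address  Metric\n"
             "          0.0.0.0          0.0.0.0      203.0.113.1       1")
)


def parse_ipconfig(text):
    """Fields of the first adapter (keys lowercased) and its DNS server list."""
    fields, dns, in_adapter, last_key = {}, [], False, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if "adapter" in line.lower() and line.rstrip().endswith(":"):
            if in_adapter:
                break                    # only the first adapter is examined
            in_adapter = True
            continue
        if not in_adapter:
            continue
        if not line[0].isspace():
            break                        # adapter block is indented; anything else ends it
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group(1).strip().lower()
            fields[last_key] = m.group(2).strip()
            if last_key == "dns servers" and fields[last_key]:
                dns.append(fields[last_key])
        elif last_key == "dns servers" and IP_RE.match(line.strip()):
            dns.append(line.strip())     # continuation line holding one more resolver
    return fields, dns


def parse_routes(text):
    """Active routes as (dest, mask, gateway, iface, metric) plus persistent entries."""
    active, persistent, section = [], [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Active Routes:"):
            section = "active"
        elif s.startswith("Persistent Routes:"):
            section = "persistent"
        elif s.startswith("Default Gateway:") or s.startswith("="):
            section = None if section == "active" else section
        else:
            parts = s.split()
            if section == "active" and len(parts) == 5 and all(IP_RE.match(p) for p in parts[:4]):
                active.append(tuple(parts))
            elif section == "persistent" and len(parts) >= 3 and IP_RE.match(parts[0]):
                persistent.append(tuple(parts))
    return active, persistent


def check(text):
    """Findings a responder would chase before blaming the endpoint alone."""
    fields, dns = parse_ipconfig(text)
    active, persistent = parse_routes(text)
    findings = []
    if fields.get("dhcp enabled", "").lower() != "yes":
        findings.append("DHCP disabled: address and DNS were set statically")
    for server in dns:
        addr = ipaddress.ip_address(server)
        if server not in EXPECTED_RESOLVERS and not any(addr in n for n in LAN_NETWORKS):
            findings.append(f"unexpected DNS resolver {server}")
    ip, mask, gw = (fields.get(k) for k in ("ip address", "subnet mask", "default gateway"))
    if ip and mask and gw:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if ipaddress.ip_address(gw) not in net:
            findings.append(f"default gateway {gw} is off the local subnet {net}")
        if any(r[2] != gw for r in active if r[0] == r[1] == "0.0.0.0"):
            findings.append("route table default gateway differs from the adapter's")
    if persistent:
        findings.append(f"{len(persistent)} persistent route(s) present; verify each")
    return findings


if __name__ == "__main__":
    print("clean:", check(GOOD_SAMPLE))
    print("tampered:", check(TAMPERED_SAMPLE))
```

The script deliberately does not compare the nslookup and ping answers: google.com resolving to different addresses for the two commands, as in the output above, is ordinary round-robin DNS, not a sign of hijacking. A finding here points at the host's own TCP/IP settings; a router whose DHCP hands out a rogue resolver would show up as an unexpected address in the DNS Servers line even with DHCP enabled, which is why the helper asked for the router to be reset as well.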

Hello again, that looks good. Please let me know if you still get the pop up after the DNS flush.

Also, please launch MBAM, update it and run a full scan. Post me the resulting log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4175

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/7/2010 1:59:56 PM

mbam-log-2010-06-07 (13-59-56).txt

Scan type: Full scan (C:\|D:\|H:\|)

Objects scanned: 400695

Time elapsed: 3 hour(s), 52 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites
