
browser redirects



Hi,

I cannot get Windows updates. If I try to go to microsoft.com I get redirected. The URL dropdown doesn't work.

mbam log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/5/2010 10:51:21 AM

mbam-log-2010-06-05 (10-51-21).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 233232

Time elapsed: 1 hour(s), 27 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 36

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Desktop\o.dat (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 12:36:13.92 on Sat 06/05/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.175 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uStart Page = hxxp://att.net/

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL

BHO: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.0.0.114\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Loaris Trojan Remover] "c:\program files\loaris trojan remover\TrojanRemover.exe" 0

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-PAI 13.06.2009; yie8)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=11"

mRun: [Glajafecuf] rundll32.exe "c:\windows\ahaseweriqu.dll",Startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: &Search

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1231623287812

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1200000.072\symds.sys [2010-5-28 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1200000.072\symefa.sys [2010-5-28 660528]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\bashdefs\20100510.001\bhdrvx86.sys [2010-5-28 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1200000.072\ironx86.sys [2010-5-28 134192]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-22 54752]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.0.0.114\ccsvchst.exe [2010-5-28 126904]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.0.60\ccSvcHst.exe [2010-5-28 126904]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\ipsdefs\20100518.001\IDSXpx86.sys [2010-5-18 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100604.036\NAVENG.SYS [2010-6-5 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100604.036\NAVEX15.SYS [2010-6-5 1347504]

S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2009-2-27 227200]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S4 vxby;vxby;c:\windows\system32\drivers\baygp.sys [2010-5-8 54016]

=============== Created Last 30 ================

2010-06-05 16:35:44 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-06-05 15:50:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-05 15:50:05 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-28 05:25:23 0 d-----w- c:\windows\system32\drivers\NST

2010-05-28 05:25:18 0 d-----w- c:\program files\Norton Safe Web Lite

2010-05-28 04:36:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-28 04:36:19 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-28 04:36:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-28 04:36:19 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-28 04:36:17 0 d-----w- c:\program files\Symantec

2010-05-28 04:36:17 0 d-----w- c:\program files\common files\Symantec Shared

2010-05-28 04:29:42 0 d-----w- c:\windows\system32\drivers\NAV

2010-05-28 04:29:32 0 d-----w- c:\program files\Norton AntiVirus

2010-05-28 04:18:33 0 d-----w- c:\program files\NortonInstaller

2010-05-28 04:18:33 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-05-28 04:07:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-05-15 15:02:39 0 d-----w- c:\docume~1\owner\applic~1\AVG9

2010-05-13 05:25:09 0 d--h--w- C:\$AVG

2010-05-13 05:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-05-13 05:08:40 0 d-----w- c:\program files\AVG

2010-05-13 05:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-05-08 16:35:46 54016 ----a-w- c:\windows\system32\drivers\baygp.sys

2010-05-08 15:11:38 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2010-05-08 13:11:56 0 d-sh--w- C:\found.000

2010-05-07 20:33:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-07 20:33:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-07 20:33:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-07 20:33:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-05-04 15:26:53 2532 ----a-w- c:\windows\ufazorije.dll

2010-05-03 20:41:51 2532 ----a-w- c:\windows\iwowulecugo.dll

2010-03-12 17:29:15 2939 ----a-w- c:\windows\ahulibikixe.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2008-12-01 20:00:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

2008-12-06 17:03:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 12:37:42.76 ===============

ark.zip


Hello eshaff! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.

Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. a new fresh DDS log only


Sorry about the delay; I was away for a couple of days.

Current MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4179

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/8/2010 9:55:14 AM

mbam-log-2010-06-08 (09-55-14).txt

Scan type: Quick scan

Objects scanned: 169241

Time elapsed: 26 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 9:56:14.78 on Tue 06/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.114 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL

BHO: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.0.0.114\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Loaris Trojan Remover] "c:\program files\loaris trojan remover\TrojanRemover.exe" 0

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-PAI 13.06.2009; yie8)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=11"

mRun: [Glajafecuf] rundll32.exe "c:\windows\ahaseweriqu.dll",Startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: &Search

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1231623287812

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1200000.072\symds.sys [2010-5-28 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1200000.072\symefa.sys [2010-5-28 660528]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\bashdefs\20100510.001\bhdrvx86.sys [2010-5-28 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1200000.072\ironx86.sys [2010-5-28 134192]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-22 54752]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.0.0.114\ccsvchst.exe [2010-5-28 126904]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.0.60\ccSvcHst.exe [2010-5-28 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\ipsdefs\20100518.001\IDSXpx86.sys [2010-5-18 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100606.003\NAVENG.SYS [2010-6-6 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100606.003\NAVEX15.SYS [2010-6-6 1347504]

S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2009-2-27 227200]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]

S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S4 vxby;vxby;c:\windows\system32\drivers\baygp.sys [2010-5-8 54016]

=============== Created Last 30 ================

2010-06-05 16:35:44 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-06-05 15:50:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-05 15:50:05 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-28 05:25:23 0 d-----w- c:\windows\system32\drivers\NST

2010-05-28 05:25:18 0 d-----w- c:\program files\Norton Safe Web Lite

2010-05-28 04:36:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-28 04:36:19 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-28 04:36:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-28 04:36:19 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-28 04:36:17 0 d-----w- c:\program files\Symantec

2010-05-28 04:36:17 0 d-----w- c:\program files\common files\Symantec Shared

2010-05-28 04:29:42 0 d-----w- c:\windows\system32\drivers\NAV

2010-05-28 04:29:32 0 d-----w- c:\program files\Norton AntiVirus

2010-05-28 04:18:33 0 d-----w- c:\program files\NortonInstaller

2010-05-28 04:18:33 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-05-28 04:07:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-05-15 15:02:39 0 d-----w- c:\docume~1\owner\applic~1\AVG9

2010-05-13 05:25:09 0 d--h--w- C:\$AVG

2010-05-13 05:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-05-13 05:08:40 0 d-----w- c:\program files\AVG

2010-05-13 05:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2010-05-08 16:35:46 54016 ----a-w- c:\windows\system32\drivers\baygp.sys

2010-05-04 15:26:53 2532 ----a-w- c:\windows\ufazorije.dll

2010-05-03 20:41:51 2532 ----a-w- c:\windows\iwowulecugo.dll

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-12 17:29:15 2939 ----a-w- c:\windows\ahulibikixe.dll

2008-12-01 20:00:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

2008-12-06 17:03:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 9:57:48.00 ===============

Attach2.txt


No problem! :)

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


combo fix log

ComboFix 10-06-07.04 - Owner 06/08/2010 10:42:25.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.246 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Local Settings\Application Data\{35724FFA-227A-4CAA-ABB6-2221C178D7CF}

c:\documents and settings\Administrator\Local Settings\Application Data\{35724FFA-227A-4CAA-ABB6-2221C178D7CF}\chrome.manifest

c:\documents and settings\Administrator\Local Settings\Application Data\{35724FFA-227A-4CAA-ABB6-2221C178D7CF}\chrome\content\_cfg.js

c:\documents and settings\Administrator\Local Settings\Application Data\{35724FFA-227A-4CAA-ABB6-2221C178D7CF}\chrome\content\overlay.xul

c:\documents and settings\Administrator\Local Settings\Application Data\{35724FFA-227A-4CAA-ABB6-2221C178D7CF}\install.rdf

c:\documents and settings\Owner\Application Data\alot

c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\Owner\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Owner\Application Data\alot\products\products.xml

c:\documents and settings\Owner\Application Data\alot\products\products.xml.backup

c:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_image_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_news_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_shop_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_videos_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_web_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\alot_configure.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\alot_configure.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1008_alot_map_widget_default.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1008_alot_map_widget_default.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\1011_icon.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1870_mrkt_traffic.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1870_mrkt_traffic.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\cloudy.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_2254_email.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_2254_email.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\icon_checking.JPG

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\icon_configure.JPG

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\icon_email.JPG

c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\2775_icon.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_9\images\2823_icon.png

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\intro_popup.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\Owner\Application Data\alot\SiteMetrics\SiteMetrics.xml

c:\documents and settings\Owner\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup

c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Owner\Application Data\alot\toolbar.xml

c:\documents and settings\Owner\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\Owner\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup

c:\program files\alot

c:\program files\alot\alotUninst.exe

c:\program files\alot\bin\alot.dll

c:\program files\alot\bin\BHO\alotBHO.dll

c:\program files\Common Files\Uninstall

c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk

c:\program files\Fast Browser Search

c:\program files\Fast Browser Search\IE\1.bat

c:\program files\Fast Browser Search\IE\about.html

c:\program files\Fast Browser Search\IE\affid.dat

c:\program files\Fast Browser Search\IE\basis.xml

c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe

c:\program files\Fast Browser Search\IE\error.html

c:\program files\Fast Browser Search\IE\FBSPlugin.dll

c:\program files\Fast Browser Search\IE\fbsProtection.xml

c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml

c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\program files\Fast Browser Search\IE\FBStoolbar.dll

c:\program files\Fast Browser Search\IE\fbstoolbar.jar

c:\program files\Fast Browser Search\IE\fbstoolbar.manifest

c:\program files\Fast Browser Search\IE\icons.bmp

c:\program files\Fast Browser Search\IE\info.txt

c:\program files\Fast Browser Search\IE\local.xml

c:\program files\Fast Browser Search\IE\logobg.bmp

c:\program files\Fast Browser Search\IE\MTWBtoolbar.html

c:\program files\Fast Browser Search\IE\search.bmp

c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe

c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico

c:\program files\Fast Browser Search\IE\SGPU.ico

c:\program files\Fast Browser Search\IE\sgpUpdater.exe

c:\program files\Fast Browser Search\IE\sgpUpdater.xml

c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe

c:\program files\Fast Browser Search\IE\tbhelper.dll

c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js

c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js

c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js

c:\program files\Fast Browser Search\IE\Toolbar Help.htm

c:\program files\Fast Browser Search\IE\uninstall.exe

c:\program files\Fast Browser Search\IE\uninstalSGP.exe

c:\program files\Fast Browser Search\IE\uninstalSGPU.exe

c:\program files\Fast Browser Search\IE\update.exe

c:\program files\Fast Browser Search\IE\version.txt

c:\program files\Internet Explorer\SET10.tmp

c:\program files\Internet Explorer\SET25.tmp

c:\program files\Internet Explorer\SET26.tmp

c:\program files\Internet Explorer\SETF.tmp

c:\program files\SGPSA

c:\windows\ahulibikixe.dll

c:\windows\apazatecuxiseta.dll

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\eyesalutejef.dll

c:\windows\iwowulecugo.dll

c:\windows\ofoloruzi.dll

c:\windows\system32\drivers\baygp.sys

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\ndisapi.dll

c:\windows\system32\UACisggusppxxquolj.log

c:\windows\ufazorije.dll

D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\compbatt.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NDISRD

-------\Service_NDISRD

-------\Legacy_vxby

-------\Service_vxby

((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))

.

2010-06-08 14:39 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2010-06-08 14:39 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-06-08 11:33 . 2010-06-08 11:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2010-06-05 15:55 . 2010-06-05 15:55 -------- d-----w- c:\program files\Common Files\Java

2010-06-05 15:51 . 2010-06-05 15:51 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\msvcp71.dll

2010-06-05 15:51 . 2010-06-05 15:51 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\jmc.dll

2010-06-05 15:51 . 2010-06-05 15:51 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-359bf03b-n\decora-sse.dll

2010-06-05 15:51 . 2010-06-05 15:51 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\msvcr71.dll

2010-06-05 15:51 . 2010-06-05 15:51 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-359bf03b-n\decora-d3d.dll

2010-06-05 15:50 . 2010-06-05 15:49 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-22 05:33 . 2010-05-22 16:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\yqiymafkk

2010-05-15 15:02 . 2010-05-15 15:02 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG9

2010-05-13 05:25 . 2010-05-13 05:25 -------- d-----w- C:\$AVG

2010-05-13 05:09 . 2010-06-05 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-05-13 05:08 . 2010-05-13 05:08 -------- d-----w- c:\program files\AVG

2010-05-13 05:08 . 2010-06-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-05 15:24 . 2009-01-07 00:11 -------- d-----w- c:\program files\Yahoo!

2010-06-05 15:22 . 2008-12-22 02:09 -------- d-----w- c:\program files\Google

2010-06-05 15:20 . 2009-06-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-06-05 15:20 . 2009-06-20 14:17 -------- d-----w- c:\program files\AOL Toolbar

2010-06-05 13:20 . 2010-05-07 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-01 22:07 . 2010-01-23 21:57 -------- d-----w- c:\program files\CommentsBar_-_Social_Comments

2010-05-29 00:29 . 2010-05-28 04:36 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-05-28 05:49 . 2010-05-28 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-28 05:25 . 2010-05-28 05:25 -------- d-----w- c:\program files\Norton Safe Web Lite

2010-05-28 05:21 . 2010-05-28 04:18 -------- d-----w- c:\program files\NortonInstaller

2010-05-28 04:36 . 2010-05-28 04:36 -------- d-----w- c:\program files\Symantec

2010-05-28 04:36 . 2010-05-28 04:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-28 04:36 . 2010-05-28 04:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-28 04:36 . 2010-05-28 04:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-28 04:36 . 2010-05-28 04:36 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-28 04:29 . 2010-05-28 04:29 -------- d-----w- c:\program files\Norton AntiVirus

2010-05-28 04:29 . 2010-05-28 04:29 -------- d-----w- c:\program files\Windows Sidebar

2010-05-28 04:19 . 2010-05-28 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-05-13 05:39 . 2010-05-01 15:14 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-13 05:39 . 2010-05-01 15:14 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-13 05:23 . 2010-02-27 17:06 0 ----a-w- c:\windows\Snijewejog.bin

2010-05-13 03:26 . 2010-02-27 17:06 120 ----a-w- c:\windows\Yziteq.dat

2010-05-08 18:11 . 2009-01-07 00:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-05-08 15:11 . 2010-05-08 15:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-05-07 20:33 . 2010-05-07 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-07 16:58 . 2010-05-28 05:49 811888 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.0.60\coFFNST\components\coFFNST.dll

2010-04-29 19:39 . 2010-05-07 20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-05-07 20:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-22 20:41 . 2010-04-22 20:41 -------- d-----w- c:\program files\ATT-RC

2010-04-21 16:20 . 2008-12-06 18:33 -------- d-----w- c:\program files\Common Files\Motive

2010-04-19 22:14 . 2010-04-19 22:14 -------- d-----w- c:\program files\ATT-PRT22-WISE

2010-04-19 22:14 . 2008-12-19 18:04 -------- d-----w- c:\program files\ATT

2010-04-19 14:25 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Update\igtA.tmp.dir\IEToolbar.dll

2010-04-17 16:51 . 2010-04-22 18:58 203498 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-04-17 14:43 . 2009-02-27 21:24 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-17 14:43 . 2008-12-04 21:44 -------- d-----w- c:\program files\Windows Live

2010-04-16 14:27 . 2009-06-06 23:35 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3192b808-ec27-4332-b6c6-97f82692cad5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3192b808-ec27-4332-b6c6-97f82692cad5}]

2010-06-01 22:08 2515552 ----a-w- c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3192b808-ec27-4332-b6c6-97f82692cad5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3192B808-EC27-4332-B6C6-97F82692CAD5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk

backup=c:\windows\pss\Device Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk

backup=c:\windows\pss\ZooskMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 23:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2010-02-26 23:43 50520 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1245428920\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2006-10-06 04:13 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2006-10-06 04:11 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2006-10-06 04:10 94208 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-09-22 18:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1245428920\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1200000.072\symds.sys [5/28/2010 12:34 AM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1200000.072\symefa.sys [5/28/2010 12:34 AM 660528]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\BASHDefs\20100510.001\bhdrvx86.sys [5/28/2010 12:33 AM 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1200000.072\ironx86.sys [5/28/2010 12:34 AM 134192]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.0.0.114\ccsvchst.exe [5/28/2010 12:34 AM 126904]

R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe [5/28/2010 1:26 AM 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2010 11:42 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\IPSDefs\20100518.001\IDSXpx86.sys [5/18/2010 3:24 PM 331640]

S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2/27/2009 5:21 PM 227200]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]

S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 22:39]

2010-06-08 c:\windows\Tasks\PCConfidential.job

- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-01-07 19:10]

2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{49243340-DDD1-4B67-BF60-7A87EAC17BAB}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

HKCU-Run-Loaris Trojan Remover - c:\program files\Loaris Trojan Remover\TrojanRemover.exe

HKLM-Run-Glajafecuf - c:\windows\ahaseweriqu.dll

Notify-avgrsstarter - avgrsstx.dll

MSConfigStartUp-57126829 - c:\docume~1\ALLUSE~1\APPLIC~1\57126829\57126829.exe

MSConfigStartUp-Glajafecuf - c:\windows\ahaseweriqu.dll

MSConfigStartUp-hecqwddi - c:\documents and settings\Owner\Local Settings\Application Data\jwnrulvqo\yonnuaitssd.exe

MSConfigStartUp-Malwarebytes Anti-Malware (rootkit-scan) - c:\program files\Malwarebytes' Anti-Malware\explorer.exe

AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-08 10:59

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.0.0.114\diMaster.dll\" /prefetch:1"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2976)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\SearchIndexer.exe

.

**************************************************************************

.

Completion time: 2010-06-08 11:04:33 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-08 15:04

Pre-Run: 57,479,692,288 bytes free

Post-Run: 60,850,499,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EF351875B1E1CE9235883A149F501B48


Deleted the folders, but there were more randomly named folders in the \local settings\app data directory. These are empty folders. I could get to the Microsoft Update site but I did not install any updates (only 1 priority). I opened a new tab to go to Microsoft and http://tab.fastbrowsersearch.com/?v=18&amp...000000000000%7d was the page it took me to. I don't know if it is right or not; also the URL drop-down still doesn't show any previous sites, and delete browsing history is not checked.


Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


12:10:35:343 1632 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

12:10:35:343 1632 ================================================================================

12:10:35:343 1632 SystemInfo:

12:10:35:343 1632 OS Version: 5.1.2600 ServicePack: 3.0

12:10:35:343 1632 Product type: Workstation

12:10:35:343 1632 ComputerName: YOUR-F1DD26B638

12:10:35:343 1632 UserName: Owner

12:10:35:343 1632 Windows directory: C:\WINDOWS

12:10:35:343 1632 Processor architecture: Intel x86

12:10:35:343 1632 Number of processors: 1

12:10:35:343 1632 Page size: 0x1000

12:10:35:343 1632 Boot type: Normal boot

12:10:35:343 1632 ================================================================================

12:10:35:781 1632 Initialize success

12:10:35:781 1632

12:10:35:781 1632 Scanning Services ...

12:10:36:140 1632 Raw services enum returned 367 services

12:10:36:140 1632

12:10:36:140 1632 Scanning Drivers ...

12:10:36:906 1632 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

12:10:36:937 1632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:10:36:953 1632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

12:10:36:968 1632 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

12:10:37:000 1632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:10:37:046 1632 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

12:10:37:093 1632 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

12:10:37:125 1632 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

12:10:37:125 1632 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

12:10:37:140 1632 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

12:10:37:140 1632 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

12:10:37:156 1632 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

12:10:37:171 1632 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

12:10:37:171 1632 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

12:10:37:187 1632 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

12:10:37:203 1632 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

12:10:37:218 1632 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

12:10:37:218 1632 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

12:10:37:250 1632 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

12:10:37:265 1632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:10:37:296 1632 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:10:37:328 1632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:10:37:359 1632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:10:37:390 1632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:10:37:562 1632 BHDrvx86 (05b8cd9981d56e96d5d1fc1cba86cf7a) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\BASHDefs\20100510.001\BHDrvx86.sys

12:10:37:593 1632 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

12:10:37:593 1632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:10:37:640 1632 CCCP106 (77696f95fd093735eff58e0461af5ec5) C:\WINDOWS\system32\DRIVERS\cccp106.sys

12:10:37:656 1632 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

12:10:37:687 1632 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

12:10:37:703 1632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:10:37:718 1632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:10:37:718 1632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:10:37:750 1632 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

12:10:37:765 1632 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

12:10:37:781 1632 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

12:10:37:796 1632 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

12:10:37:812 1632 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

12:10:37:890 1632 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

12:10:37:953 1632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:10:38:000 1632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:10:38:031 1632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:10:38:046 1632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:10:38:093 1632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:10:38:109 1632 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

12:10:38:156 1632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:10:38:265 1632 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

12:10:38:312 1632 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys

12:10:38:343 1632 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

12:10:38:359 1632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:10:38:390 1632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

12:10:38:406 1632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:10:38:406 1632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:10:38:437 1632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:10:38:468 1632 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

12:10:38:500 1632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:10:38:546 1632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:10:38:609 1632 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

12:10:38:656 1632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:10:38:703 1632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:10:38:734 1632 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:10:38:750 1632 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

12:10:38:796 1632 HSFHWBS2 (f3e718604c5a8a28003280d861d96c19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

12:10:38:859 1632 HSF_DPV (4290713b7c3289ef87ee5ca474b21221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

12:10:38:937 1632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:10:38:953 1632 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

12:10:38:968 1632 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

12:10:39:000 1632 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:10:39:078 1632 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

12:10:39:296 1632 IDSxpx86 (1ca8e9bd3cb6d16e54d08240dd3a4f66) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\IPSDefs\20100518.001\IDSxpx86.sys

12:10:39:375 1632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:10:39:406 1632 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

12:10:39:578 1632 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

12:10:39:750 1632 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

12:10:39:781 1632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:10:39:796 1632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:10:39:843 1632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:10:39:875 1632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:10:39:906 1632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:10:39:921 1632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:10:39:953 1632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:10:39:953 1632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:10:39:968 1632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:10:39:984 1632 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

12:10:40:031 1632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:10:40:031 1632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:10:40:078 1632 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

12:10:40:093 1632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:10:40:109 1632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:10:40:125 1632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:10:40:156 1632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:10:40:171 1632 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

12:10:40:265 1632 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

12:10:40:296 1632 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

12:10:40:296 1632 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

12:10:40:312 1632 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

12:10:40:328 1632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:10:40:375 1632 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:10:40:453 1632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:10:40:484 1632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:10:40:531 1632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:10:40:546 1632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:10:40:578 1632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:10:40:609 1632 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

12:10:40:625 1632 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

12:10:40:656 1632 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

12:10:40:796 1632 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\VirusDefs\20100606.003\NAVENG.SYS

12:10:40:859 1632 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\VirusDefs\20100606.003\NAVEX15.SYS

12:10:40:937 1632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:10:40:968 1632 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

12:10:40:984 1632 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:10:41:000 1632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:10:41:015 1632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:10:41:046 1632 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

12:10:41:062 1632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:10:41:093 1632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:10:41:109 1632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

12:10:41:125 1632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:10:41:156 1632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:10:41:203 1632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:10:41:281 1632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:10:41:296 1632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:10:41:312 1632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

12:10:41:343 1632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:10:41:359 1632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:10:41:390 1632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:10:41:390 1632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:10:41:421 1632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:10:41:453 1632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

12:10:41:484 1632 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

12:10:41:484 1632 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

12:10:41:500 1632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:10:41:515 1632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:10:41:515 1632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:10:41:546 1632 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys

12:10:41:546 1632 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

12:10:41:562 1632 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

12:10:41:562 1632 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

12:10:41:578 1632 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

12:10:41:578 1632 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

12:10:41:593 1632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:10:41:625 1632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:10:41:625 1632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:10:41:640 1632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:10:41:656 1632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:10:41:671 1632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:10:41:687 1632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:10:41:703 1632 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:10:41:750 1632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:10:41:781 1632 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

12:10:41:828 1632 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

12:10:41:843 1632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:10:41:859 1632 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:10:41:859 1632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:10:41:875 1632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:10:41:906 1632 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

12:10:41:921 1632 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

12:10:41:937 1632 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

12:10:41:968 1632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:10:41:968 1632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:10:42:031 1632 SRTSP (a9f14d2e06d067eaceb5b8b0aa0bf4ab) C:\WINDOWS\system32\drivers\NAV\1200000.072\SRTSP.SYS

12:10:42:125 1632 SRTSPX (3c39071a87486948f7cc1cc60b36d0a0) C:\WINDOWS\system32\drivers\NAV\1200000.072\SRTSPX.SYS

12:10:42:187 1632 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

12:10:42:203 1632 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

12:10:42:218 1632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:10:42:250 1632 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:10:42:265 1632 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

12:10:42:265 1632 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

12:10:42:312 1632 SymDS (e3d4c7c8143b85baaa438e7c9f2e10a4) C:\WINDOWS\system32\drivers\NAV\1200000.072\SYMDS.SYS

12:10:42:359 1632 SymEFA (d2496f5a624178f43323d44a228db7d5) C:\WINDOWS\system32\drivers\NAV\1200000.072\SYMEFA.SYS

12:10:42:390 1632 SymEvent (80bda3539925b356a26b5249d425ce46) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

12:10:42:406 1632 SymIRON (ada2ed1593afaf35df9e5545baeb2d14) C:\WINDOWS\system32\drivers\NAV\1200000.072\Ironx86.SYS

12:10:42:453 1632 SYMTDI (1a4e151e509bc5e2380a6d71bec163c4) C:\WINDOWS\system32\drivers\NAV\1200000.072\SYMTDI.SYS

12:10:42:468 1632 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

12:10:42:468 1632 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

12:10:42:484 1632 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:10:42:562 1632 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:10:42:593 1632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:10:42:625 1632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:10:42:640 1632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:10:42:671 1632 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

12:10:42:703 1632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:10:42:703 1632 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

12:10:42:750 1632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:10:42:859 1632 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

12:10:42:890 1632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:10:42:906 1632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:10:42:937 1632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:10:42:953 1632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:10:42:968 1632 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:10:42:984 1632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:10:43:015 1632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:10:43:015 1632 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

12:10:43:031 1632 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

12:10:43:031 1632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:10:43:046 1632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:10:43:093 1632 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

12:10:43:125 1632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:10:43:187 1632 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

12:10:43:234 1632 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

12:10:43:234 1632

12:10:43:234 1632 Completed

12:10:43:234 1632

12:10:43:234 1632 Results:

12:10:43:234 1632 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

12:10:43:234 1632 File objects infected / cured / cured on reboot: 0 / 0 / 0

12:10:43:234 1632

12:10:43:328 1632 KLMD(ARK) unloaded successfully


DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 12:31:08.25 on Tue 06/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.123 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL

BHO: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.0.0.114\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: CommentsBar - Social Comments Toolbar: {3192b808-ec27-4332-b6c6-97f82692cad5} - c:\program files\commentsbar_-_social_comments\tbCom1.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.0.60\coIEPlg.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-PAI 13.06.2009; yie8)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=11"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1231623287812

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1200000.072\symds.sys [2010-5-28 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1200000.072\symefa.sys [2010-5-28 660528]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\bashdefs\20100510.001\bhdrvx86.sys [2010-5-28 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1200000.072\ironx86.sys [2010-5-28 134192]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-22 54752]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.0.0.114\ccsvchst.exe [2010-5-28 126904]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.0.60\ccSvcHst.exe [2010-5-28 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\ipsdefs\20100518.001\IDSXpx86.sys [2010-5-18 331640]

S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2009-2-27 227200]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]

S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100606.003\NAVENG.SYS [2010-6-6 85552]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.0.0.107\definitions\virusdefs\20100606.003\NAVEX15.SYS [2010-6-6 1347504]

=============== Created Last 30 ================

2010-06-08 14:39:22 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2010-06-08 14:39:22 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-06-08 14:37:21 0 d-sha-r- C:\cmdcons

2010-06-08 14:33:39 77312 ----a-w- c:\windows\MBR.exe

2010-06-08 14:33:38 98816 ----a-w- c:\windows\sed.exe

2010-06-08 14:33:38 256512 ----a-w- c:\windows\PEV.exe

2010-06-08 14:33:38 161792 ----a-w- c:\windows\SWREG.exe

2010-06-05 16:35:44 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2010-06-05 15:50:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-05 15:50:05 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-28 05:25:23 0 d-----w- c:\windows\system32\drivers\NST

2010-05-28 05:25:18 0 d-----w- c:\program files\Norton Safe Web Lite

2010-05-28 04:36:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-28 04:36:19 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-28 04:36:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-28 04:36:19 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-28 04:36:17 0 d-----w- c:\program files\Symantec

2010-05-28 04:36:17 0 d-----w- c:\program files\common files\Symantec Shared

2010-05-28 04:29:42 0 d-----w- c:\windows\system32\drivers\NAV

2010-05-28 04:29:32 0 d-----w- c:\program files\Norton AntiVirus

2010-05-28 04:18:33 0 d-----w- c:\program files\NortonInstaller

2010-05-28 04:18:33 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-05-28 04:07:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-05-15 15:02:39 0 d-----w- c:\docume~1\owner\applic~1\AVG9

2010-05-13 05:25:09 0 d-----w- C:\$AVG

2010-05-13 05:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-05-13 05:08:40 0 d-----w- c:\program files\AVG

2010-05-13 05:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-12-01 20:00:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

2008-12-06 17:03:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 12:31:33.29 ===============

Attach.txt

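Added example (this editor's, not part of the original post and not a feature of DDS or ComboFix): a short Python triage script that reads "Pseudo HJT Report" and ComboFix-style lines like the ones above and flags the entries a responder should look at first in a redirect case. The sample input is a handful of lines copied from the log above; the severity labels and matching rules are the editor's own. Two of the indicators it raises are worth noting because they appear in this report and again, unchanged, in the ComboFix log later in the thread: the IE proxy pointing at http=127.0.0.1:5555, and the boot-start driver entry tqqkogm whose file hnos.sys is not on disk.

```python
"""Triage a DDS / ComboFix "Pseudo HJT Report" for the hijack indicators that
matter in a browser-redirect case.  Added example: not part of the original
post and not a DDS or ComboFix feature; the rules are this editor's own."""
import re

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.0.0.114\IPSBHO.DLL
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1200000.072\symds.sys [2010-5-28 339504]
S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
"EnableFirewall"= 0 (0x0)
"AntiVirusOverride"=dword:00000001
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
ADDON_RE = re.compile(r"^(BHO|TB|uURLSearchHooks):\s*(.*?)(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.+)$")
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
PORT_RE = re.compile(r"^\d+:(TCP|UDP)$")
LOOPBACK = ("127.", "localhost")


def _dword(value):
    """'dword:00000001' -> 1; anything unparsable -> None."""
    try:
        return int(value.split(":")[-1].strip(), 16)
    except ValueError:
        return None


def triage(log_text):
    """Return (severity, indicator, line) tuples for every suspicious line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # IE sends all traffic through this proxy; a listener on the
            # loopback interface means a local process sits in the middle.
            for entry in m.group(1).split(";"):
                host = entry.split("=")[-1].strip().split(":")[0]
                if host.startswith(LOOPBACK):
                    findings.append(("high", "loopback proxy", line))
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, _, clsid, path = m.groups()
            if path.strip().lower() == "no file":
                findings.append(("low", f"orphaned {kind} {clsid}", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _, image = m.groups()
            # DDS prints "path --> path [?]" when the image file is not on disk.
            # A boot/system-start (0/1) entry with no file is a rootkit remnant
            # or a driver something is hiding; S3 leftovers are usually just a
            # bad uninstall.
            if " --> " in image and image.endswith("[?]"):
                sev = "high" if start in "01" else "medium"
                findings.append((sev, f"{state}{start} service '{name}' image missing", line))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.groups()
            if name == "EnableFirewall" and value.split()[0] in ("0", "dword:00000000"):
                findings.append(("medium", "Windows Firewall disabled", line))
            elif name in ("AntiVirusOverride", "FirewallOverride") and _dword(value):
                findings.append(("medium", f"Security Center {name} set", line))
            elif PORT_RE.match(name):
                findings.append(("medium", f"globally open port {name}", line))
    return findings


if __name__ == "__main__":
    for sev, what, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {what}: {line}")
```

A loopback proxy is also how some legitimate filtering and privacy products hook IE, so confirm what owns the port (netstat -ano, then match the PID in Task Manager) before treating it as the hijacker; if nothing is listening, IE simply fails to reach anything outside the <local> override, which is its own tell. The severity labels only suggest a reading order, not a verdict.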

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Folder::
c:\program files\fast browser search

Save the file to your desktop and name it CFScript.txt

Then drag CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


New ComboFix log

ComboFix 10-06-07.04 - Owner 06/08/2010 13:33:16.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.225 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Local Settings\Application Data\{24A24D1C-E30E-485F-A1DB-91967CC7CEEA}

c:\documents and settings\Owner\Local Settings\Application Data\{24A24D1C-E30E-485F-A1DB-91967CC7CEEA}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{24A24D1C-E30E-485F-A1DB-91967CC7CEEA}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{24A24D1C-E30E-485F-A1DB-91967CC7CEEA}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{24A24D1C-E30E-485F-A1DB-91967CC7CEEA}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))

.

2010-06-08 14:39 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2010-06-08 14:39 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-06-08 11:33 . 2010-06-08 11:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2010-06-05 15:55 . 2010-06-05 15:55 -------- d-----w- c:\program files\Common Files\Java

2010-06-05 15:51 . 2010-06-05 15:51 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\msvcp71.dll

2010-06-05 15:51 . 2010-06-05 15:51 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\jmc.dll

2010-06-05 15:51 . 2010-06-05 15:51 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-359bf03b-n\decora-sse.dll

2010-06-05 15:51 . 2010-06-05 15:51 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7d2247f2-n\msvcr71.dll

2010-06-05 15:51 . 2010-06-05 15:51 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-359bf03b-n\decora-d3d.dll

2010-06-05 15:50 . 2010-06-05 15:49 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-15 15:02 . 2010-05-15 15:02 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG9

2010-05-13 05:25 . 2010-05-13 05:25 -------- d-----w- C:\$AVG

2010-05-13 05:09 . 2010-06-05 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-05-13 05:08 . 2010-05-13 05:08 -------- d-----w- c:\program files\AVG

2010-05-13 05:08 . 2010-06-05 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-05 15:24 . 2009-01-07 00:11 -------- d-----w- c:\program files\Yahoo!

2010-06-05 15:22 . 2008-12-22 02:09 -------- d-----w- c:\program files\Google

2010-06-05 15:20 . 2009-06-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-06-05 15:20 . 2009-06-20 14:17 -------- d-----w- c:\program files\AOL Toolbar

2010-06-05 13:20 . 2010-05-07 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-01 22:07 . 2010-01-23 21:57 -------- d-----w- c:\program files\CommentsBar_-_Social_Comments

2010-05-29 00:29 . 2010-05-28 04:36 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-05-28 05:49 . 2010-05-28 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-28 05:25 . 2010-05-28 05:25 -------- d-----w- c:\program files\Norton Safe Web Lite

2010-05-28 05:21 . 2010-05-28 04:18 -------- d-----w- c:\program files\NortonInstaller

2010-05-28 04:36 . 2010-05-28 04:36 -------- d-----w- c:\program files\Symantec

2010-05-28 04:36 . 2010-05-28 04:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-28 04:36 . 2010-05-28 04:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-28 04:36 . 2010-05-28 04:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-28 04:36 . 2010-05-28 04:36 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-28 04:29 . 2010-05-28 04:29 -------- d-----w- c:\program files\Norton AntiVirus

2010-05-28 04:29 . 2010-05-28 04:29 -------- d-----w- c:\program files\Windows Sidebar

2010-05-28 04:19 . 2010-05-28 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-05-13 05:39 . 2010-05-01 15:14 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-13 05:39 . 2010-05-01 15:14 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-13 05:23 . 2010-02-27 17:06 0 ----a-w- c:\windows\Snijewejog.bin

2010-05-13 03:26 . 2010-02-27 17:06 120 ----a-w- c:\windows\Yziteq.dat

2010-05-08 18:11 . 2009-01-07 00:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-05-08 15:11 . 2010-05-08 15:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-05-07 20:33 . 2010-05-07 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-07 16:58 . 2010-05-28 05:49 811888 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.0.60\coFFNST\components\coFFNST.dll

2010-04-29 19:39 . 2010-05-07 20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-05-07 20:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-22 20:41 . 2010-04-22 20:41 -------- d-----w- c:\program files\ATT-RC

2010-04-21 16:20 . 2008-12-06 18:33 -------- d-----w- c:\program files\Common Files\Motive

2010-04-19 22:14 . 2010-04-19 22:14 -------- d-----w- c:\program files\ATT-PRT22-WISE

2010-04-19 22:14 . 2008-12-19 18:04 -------- d-----w- c:\program files\ATT

2010-04-19 14:25 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Update\igtA.tmp.dir\IEToolbar.dll

2010-04-17 16:51 . 2010-04-22 18:58 203498 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-04-17 14:43 . 2009-02-27 21:24 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-17 14:43 . 2008-12-04 21:44 -------- d-----w- c:\program files\Windows Live

.

((((((((((((((((((((((((((((( SnapShot@2010-06-08_14.59.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-08 17:43 . 2010-06-08 17:43 16384 c:\windows\Temp\Perflib_Perfdata_768.dat

+ 2010-06-08 17:41 . 2010-06-08 17:41 16384 c:\windows\Temp\Perflib_Perfdata_720.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3192b808-ec27-4332-b6c6-97f82692cad5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3192b808-ec27-4332-b6c6-97f82692cad5}]

2010-06-01 22:08 2515552 ----a-w- c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3192b808-ec27-4332-b6c6-97f82692cad5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3192B808-EC27-4332-B6C6-97F82692CAD5}"= "c:\program files\CommentsBar_-_Social_Comments\tbCom1.dll" [2010-06-01 2515552]

[HKEY_CLASSES_ROOT\clsid\{3192b808-ec27-4332-b6c6-97f82692cad5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk

backup=c:\windows\pss\Device Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk

backup=c:\windows\pss\ZooskMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 23:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1245428920\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2006-10-06 04:13 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2006-10-06 04:11 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2006-10-06 04:10 94208 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-09-22 18:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1245428920\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1200000.072\symds.sys [5/28/2010 12:34 AM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1200000.072\symefa.sys [5/28/2010 12:34 AM 660528]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\BASHDefs\20100510.001\bhdrvx86.sys [5/28/2010 12:33 AM 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1200000.072\ironx86.sys [5/28/2010 12:34 AM 134192]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.0.0.114\ccsvchst.exe [5/28/2010 12:34 AM 126904]

R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe [5/28/2010 1:26 AM 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2010 11:42 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.0.0.107\Definitions\IPSDefs\20100518.001\IDSXpx86.sys [5/18/2010 3:24 PM 331640]

S0 tqqkogm;tqqkogm;c:\windows\system32\drivers\hnos.sys --> c:\windows\system32\drivers\hnos.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2/27/2009 5:21 PM 227200]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]

S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 22:39]

2010-06-08 c:\windows\Tasks\PCConfidential.job

- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-01-07 19:10]

2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{49243340-DDD1-4B67-BF60-7A87EAC17BAB}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-cdloader - c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-08 13:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.0.0.114\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.0.0.114\diMaster.dll\" /prefetch:1"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.0.60\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2816)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\SearchIndexer.exe

.

**************************************************************************

.

Completion time: 2010-06-08 13:46:25 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-08 17:46

ComboFix2.txt 2010-06-08 15:04

Pre-Run: 60,887,879,680 bytes free

Post-Run: 60,849,274,880 bytes free

- - End Of File - - 3F9C7F3F26D7CFFAE0AE632A20A193DB


Open Notepad and copy and paste the following into it:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]

Save this as fix.reg. Choose to save as All Files and place it on your desktop. It should look like this: [screenshot of the saved fix.reg file]

Double-click on it and, when it asks you, click Yes and then the OK button.

Then reboot your computer to apply the changes and let me know how things are now.


Nothing has changed; I still get fastbrowsersearch on a new tab. I didn't see this before, but right next to the URL box there is a Fast Browser Search box, and in Manage Add-ons under Search Providers there is Fast Browser Search and the status is Default. I can't remove it from the add-on window. Other than this everything seems to be working fine.


Download this Registry Search (by Bobbi Flekman), save it, and extract regsearch.exe to the Desktop.

Double-click regsearch.exe to start it. In the top window, enter fastbrowsersearch as the search string on the first line. Make sure all the option boxes are checked, and click the OK button. Notepad will open with text in it (the file will also be saved to the Desktop as RegSearch.txt). Post this text in your next reply.


Open Notepad and copy and paste the following into it:

REGEDIT4

[-HKEY_USERS\S-1-5-21-4291292837-3418081373-1914262307-1003\Software\Microsoft\Internet Explorer\SearchScopes\{54A12752-1681-4C1E-9BC8-53E762E3DA05}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"=-

Save this as fix.reg. Choose to save as All Files and place it on your desktop. It should look like this: [screenshot of the saved fix.reg file]

Double-click on it and, when it asks you, click Yes and then the OK button.

Then reboot your computer to apply the changes.

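The two fix.reg scripts above (the CLSID deletions and the SearchScopes/AboutURLs edit) rely on REGEDIT4 delete syntax: a minus sign right after the opening bracket deletes the whole key, and "Name"=- deletes a single value. Added example (this editor's, not the helper's tool and not part of the posts): a Python translator that turns such a script into the equivalent reg.exe commands, so each change can be read, backed up with reg export, and undone before it is applied. Both scripts are embedded verbatim as sample input. The hive abbreviations and reg.exe switches are standard; the translator handles only the value syntax used in this thread plus REG_SZ and REG_DWORD, and refuses anything else rather than guessing.

```python
"""Translate the REGEDIT4 fix scripts posted in this thread into the equivalent
reg.exe commands, so each change is explicit before it is applied.  Added
example: not the helper's tool and not part of the original posts."""
import re

HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_CONFIG": "HKCC",
}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")            # [-Key] deletes the whole key
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"=- deletes one value

# The two scripts from the helper's posts above, copied verbatim.
FIX_CLSIDS = r"""
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
"""
FIX_SEARCHSCOPE = r"""
REGEDIT4

[-HKEY_USERS\S-1-5-21-4291292837-3418081373-1914262307-1003\Software\Microsoft\Internet Explorer\SearchScopes\{54A12752-1681-4C1E-9BC8-53E762E3DA05}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"=-
"""


def _short(key):
    """HKEY_LOCAL_MACHINE\\Foo -> HKLM\\Foo; reject keys outside a known hive."""
    hive, sep, rest = key.partition("\\")
    if hive.upper() not in HIVES:
        raise ValueError(f"unknown hive in key: {key}")
    return HIVES[hive.upper()] + sep + rest


def reg_to_commands(script):
    """Return the list of reg.exe commands equivalent to a .reg script."""
    lines = [ln.strip() for ln in script.splitlines()
             if ln.strip() and not ln.lstrip().startswith(";")]   # ';' starts a comment
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg script: missing REGEDIT4 header")
    cmds, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            minus, key = m.group(1), _short(m.group(2))
            if minus:
                cmds.append(f'reg delete "{key}" /f')  # removes the key and its subkeys
                key = None                             # values may not follow a deleted key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"cannot interpret line: {line}")
        name, data = m.groups()
        if data == "-":
            cmds.append(f'reg delete "{key}" /v "{name}" /f')
        elif data.startswith("dword:"):
            cmds.append(f'reg add "{key}" /v "{name}" /t REG_DWORD /d {int(data[6:], 16)} /f')
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            text = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')  # undo .reg escaping
            cmds.append(f'reg add "{key}" /v "{name}" /t REG_SZ /d "{text}" /f')
        else:
            raise ValueError(f"unsupported value syntax: {line}")  # hex:, @=, multi-line
    return cmds


if __name__ == "__main__":
    for script in (FIX_CLSIDS, FIX_SEARCHSCOPE):
        print("\n".join(reg_to_commands(script)), end="\n\n")
```

reg.exe needs an administrator command prompt, and /f suppresses the confirmation, so export each key first (reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" aboutur.reg) if you want a rollback. The HKEY_USERS\<SID> key in the second script is the logged-on user's HKCU hive addressed by SID; it only resolves while that profile is loaded.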

Restarted and opened IE, and a box opened with:

A program on your computer has corrupted your default search provider settings for Internet Explorer.

Internet Explorer has reset this setting to your original search provider, Bing(www.bing.com).

Internet Explorer will now open Search Settings,where you can change this setting or install more search providers.

OK

Clicked OK and it opened Manage Add-ons, and safebrowsersearch is gone.

Clicked on a new tab and it showed about:blank (normal).

The URL dropdown still won't drop down to show any history of previous sites, but if I go to View > Explorer Bars > History, the History box shows recent history. This doesn't seem normal.


1. Download IEFix, unzip it to your Desktop, and run it.

2. Click the Apply button.

3. You'll be prompted for the Operating System CD or the Service Pack Files location:

  • If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the slipstreamed Operating System CD (if you have one) or point the installer to the Service Pack source path when prompted (see the image below). Enter the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles".
  • If you don't have the Windows installation CD, and the installation source files are not present on the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with the DLL registration part.
    [image: rawrid1.png]
  • Restart Windows.


That didn't fix it. I went to Google, Yahoo, and some other sites, but the dropdown still will not drop down. And when I restarted, right after the Windows start sound ends there is a beep. No boxes come up telling me that a file did not load.

This topic is now closed to further replies.