
Believe I have a Google redirect virus



I believe I have a Google redirect virus. Sometimes after clicking on search links I am taken to random websites not even closely related to what they are supposed to be.

This started a couple of days ago. I downloaded the Anti-Malware off your site; it removed something like 20 infections. After still noticing problems, and after my Norton 360 program continued to tell me that it had blocked attacks, I ran the Anti-Malware program again. This time it told me I had no infections, but I continue to see problems.

My issue doesn't seem to be as bad as others', but I am freaking out that it will become a nightmare. Thanks.


Hi Stephen76, and welcome to the Malwarebytes forum!

Don't freak out. All they want is money from redirecting you to those sites.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do no fixing on your own and run no scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Let's go for the kill:

Download TDSSKiller and save it to your Desktop.

  • Right-click on the file, choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y and it will restart.
  • If you are prompted with a hidden service warning, go ahead and delete it.
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.

========

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log, together with the TDSSKiller log, in your next reply.
    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


08:25:39:000 3580 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

08:25:39:000 3580 ================================================================================

08:25:39:000 3580 SystemInfo:

08:25:39:000 3580 OS Version: 5.1.2600 ServicePack: 3.0

08:25:39:000 3580 Product type: Workstation

08:25:39:000 3580 ComputerName: INSPIRON9300

08:25:39:000 3580 UserName: Stephen

08:25:39:000 3580 Windows directory: C:\WINDOWS

08:25:39:000 3580 System windows directory: C:\WINDOWS

08:25:39:000 3580 Processor architecture: Intel x86

08:25:39:000 3580 Number of processors: 1

08:25:39:000 3580 Page size: 0x1000

08:25:39:015 3580 Boot type: Normal boot

08:25:39:015 3580 ================================================================================

08:25:39:578 3580 Initialize success

08:25:39:578 3580

08:25:39:578 3580 Scanning Services ...

08:25:40:406 3580 Raw services enum returned 370 services

08:25:40:421 3580

08:25:40:437 3580 Scanning Drivers ...

08:25:41:218 3580 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

08:25:41:343 3580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:25:41:390 3580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:25:41:468 3580 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

08:25:41:546 3580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:25:41:593 3580 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys

08:25:41:687 3580 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

08:25:41:765 3580 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

08:25:41:875 3580 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

08:25:41:906 3580 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

08:25:41:937 3580 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

08:25:41:984 3580 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

08:25:42:046 3580 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

08:25:42:125 3580 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

08:25:42:203 3580 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

08:25:42:265 3580 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

08:25:42:328 3580 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

08:25:42:406 3580 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

08:25:42:500 3580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:25:42:578 3580 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

08:25:42:609 3580 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

08:25:42:656 3580 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

08:25:42:718 3580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:25:42:796 3580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:25:42:843 3580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:25:42:859 3580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:25:42:906 3580 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

08:25:42:937 3580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:25:43:015 3580 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys

08:25:43:125 3580 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

08:25:43:171 3580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:25:43:234 3580 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys

08:25:43:296 3580 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

08:25:43:343 3580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:25:43:406 3580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:25:43:515 3580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:25:43:578 3580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

08:25:43:625 3580 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

08:25:43:687 3580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

08:25:43:734 3580 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

08:25:43:765 3580 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

08:25:43:812 3580 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

08:25:43:859 3580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:25:43:953 3580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:25:44:062 3580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:25:44:140 3580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:25:44:203 3580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:25:44:234 3580 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

08:25:44:281 3580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:25:44:328 3580 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

08:25:44:359 3580 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

08:25:44:406 3580 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

08:25:44:687 3580 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

08:25:44:812 3580 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

08:25:44:859 3580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:25:44:937 3580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:25:44:968 3580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:25:45:031 3580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:25:45:078 3580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:25:45:125 3580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:25:45:171 3580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:25:45:234 3580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:25:45:312 3580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:25:45:343 3580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:25:45:406 3580 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

08:25:45:468 3580 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

08:25:45:546 3580 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

08:25:45:656 3580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:25:45:687 3580 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

08:25:45:718 3580 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

08:25:45:750 3580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:25:45:968 3580 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100720.001\IDSxpx86.sys

08:25:46:468 3580 Imapi (1ecf4359a1beeb721d91a344a3308492) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:25:46:484 3580 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 1ecf4359a1beeb721d91a344a3308492, Fake md5: 458a9f25108d6675ef660547e6c91130

08:25:46:515 3580 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

08:25:46:625 3580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

08:25:46:687 3580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:25:46:718 3580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:25:46:796 3580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:25:46:828 3580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:25:46:859 3580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:25:46:890 3580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:25:46:921 3580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:25:46:953 3580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:25:47:031 3580 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys

08:25:47:078 3580 Kbdclass (23325b1ba9594bc857c67bd267e1ea42) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:25:47:078 3580 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdclass.sys. Real md5: 23325b1ba9594bc857c67bd267e1ea42, Fake md5: 463c1ec80cd17420a542b7f36a36f128

08:25:47:078 3580 File "C:\WINDOWS\system32\DRIVERS\kbdclass.sys" infected by TDSS rootkit ... 08:25:49:484 3580 Backup copy found, using it..

08:25:49:609 3580 will be cured on next reboot

08:25:49:734 3580 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys

08:25:49:765 3580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:25:49:812 3580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:25:49:875 3580 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

08:25:49:937 3580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:25:49:984 3580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:25:49:984 3580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:25:50:046 3580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:25:50:078 3580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:25:50:140 3580 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

08:25:50:203 3580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:25:50:312 3580 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:25:50:390 3580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:25:50:453 3580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:25:50:500 3580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:25:50:515 3580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:25:50:562 3580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:25:50:609 3580 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys

08:25:50:640 3580 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

08:25:50:828 3580 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100721.020\NAVENG.SYS

08:25:50:906 3580 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100721.020\NAVEX15.SYS

08:25:51:000 3580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:25:51:046 3580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:25:51:078 3580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:25:51:125 3580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:25:51:156 3580 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

08:25:51:203 3580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:25:51:250 3580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:25:51:296 3580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:25:51:312 3580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:25:51:375 3580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:25:51:531 3580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:25:51:734 3580 nv (938c1f929f44cd136e4d7034c04d5932) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:25:51:843 3580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:25:51:890 3580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:25:51:953 3580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:25:52:000 3580 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

08:25:52:062 3580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:25:52:078 3580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:25:52:125 3580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:25:52:156 3580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:25:52:187 3580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:25:52:234 3580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

08:25:52:312 3580 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

08:25:52:375 3580 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

08:25:52:421 3580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:25:52:453 3580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:25:52:500 3580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:25:52:546 3580 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:25:52:578 3580 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

08:25:52:609 3580 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

08:25:52:656 3580 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

08:25:52:687 3580 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

08:25:52:718 3580 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

08:25:52:765 3580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:25:52:812 3580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:25:52:843 3580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:25:52:875 3580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:25:52:921 3580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:25:52:953 3580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:25:53:031 3580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:25:53:109 3580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

08:25:53:187 3580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:25:53:250 3580 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys

08:25:53:312 3580 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

08:25:53:406 3580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:25:53:453 3580 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:25:53:500 3580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:25:53:531 3580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:25:53:593 3580 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

08:25:53:671 3580 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

08:25:53:718 3580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:25:53:750 3580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:25:53:843 3580 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS

08:25:53:906 3580 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS

08:25:53:968 3580 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

08:25:54:031 3580 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

08:25:54:062 3580 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

08:25:54:125 3580 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

08:25:54:187 3580 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

08:25:54:234 3580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:25:54:281 3580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:25:54:312 3580 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

08:25:54:359 3580 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

08:25:54:453 3580 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS

08:25:54:531 3580 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

08:25:54:562 3580 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS

08:25:54:609 3580 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS

08:25:54:750 3580 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys

08:25:54:781 3580 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys

08:25:54:921 3580 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS

08:25:55:203 3580 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS

08:25:55:312 3580 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

08:25:55:343 3580 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

08:25:55:406 3580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:25:55:468 3580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:25:55:546 3580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:25:55:578 3580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:25:55:656 3580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:25:55:734 3580 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

08:25:55:781 3580 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

08:25:55:812 3580 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

08:25:55:843 3580 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

08:25:55:859 3580 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

08:25:55:875 3580 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

08:25:55:890 3580 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

08:25:55:921 3580 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

08:25:55:937 3580 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

08:25:55:968 3580 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

08:25:56:062 3580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:25:56:109 3580 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

08:25:56:203 3580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:25:56:781 3580 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

08:25:56:906 3580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:25:57:015 3580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:25:57:046 3580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:25:57:078 3580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:25:57:140 3580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:25:57:203 3580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:25:57:281 3580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:25:57:328 3580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:25:57:390 3580 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

08:25:57:531 3580 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

08:25:57:593 3580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:25:57:812 3580 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys

08:25:57:921 3580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:25:58:046 3580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:25:58:078 3580 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:25:58:109 3580 Reboot required for cure complete..

08:25:58:765 3580 Cure on reboot scheduled successfully

08:25:58:765 3580

08:25:58:765 3580 Completed

08:25:58:765 3580

08:25:58:781 3580 Results:

08:25:58:781 3580 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

08:25:58:781 3580 File objects infected / cured / cured on reboot: 1 / 0 / 1

08:25:58:781 3580

08:25:58:781 3580 KLMD(ARK) unloaded successfully

ComboFix 10-07-22.01 - Stephen 07/22/2010 8:42.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.545 [GMT -10:00]

Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\_002713_.tmp.dll

c:\windows\xpsp1hfm.log

.

((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))

.

2010-07-21 09:17 . 2010-07-21 09:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-21 08:31 . 2010-07-21 08:31 -------- d-----w- c:\documents and settings\Stephen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2010-07-21 07:56 . 2010-04-30 01:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-21 07:56 . 2010-04-30 01:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 02:40 . 2010-07-20 02:40 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-07-19 05:53 . 2010-07-19 05:53 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\sflgdferx

2010-07-18 18:49 . 2010-07-19 05:54 -------- d-----w- c:\documents and settings\Stephen\Application Data\BitTorrent

2010-07-18 18:49 . 2010-07-18 18:49 -------- d-----w- c:\program files\BitTorrent

2010-07-14 09:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-05 06:33 . 2010-07-05 06:33 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\HandBrake

2010-07-05 06:32 . 2010-07-05 06:54 -------- d-----w- c:\documents and settings\Stephen\Application Data\HandBrake

2010-07-05 06:32 . 2010-07-05 20:20 -------- d-----w- c:\program files\Handbrake

2010-07-05 06:09 . 2010-07-05 06:09 -------- d-----w- c:\documents and settings\Stephen\Application Data\MPEG Streamclip

2010-07-05 05:29 . 2010-07-05 05:29 -------- d-----w- c:\program files\Xvid

2010-07-05 05:29 . 2009-06-08 02:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-07-05 05:29 . 2009-06-08 02:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-07-02 04:20 . 2010-07-19 03:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-02 04:19 . 2010-07-02 04:20 -------- d-----w- c:\documents and settings\Stephen\Application Data\Oberon Media

2010-07-02 04:19 . 2010-07-02 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\program files\Common Files\Oberon Media

2010-07-02 04:19 . 2010-07-02 04:20 -------- d-----w- c:\program files\GamesBar

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\program files\MSN Games

2010-06-27 21:32 . 2010-06-27 21:32 -------- d-----w- c:\program files\iPod

2010-06-27 21:32 . 2010-06-27 21:33 -------- d-----w- c:\program files\iTunes

2010-06-27 21:32 . 2010-06-27 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-27 21:26 . 2010-06-27 21:27 -------- d-----w- c:\program files\QuickTime

2010-06-27 21:20 . 2010-06-27 21:20 -------- d-----w- c:\program files\Bonjour

2010-06-27 21:06 . 2010-06-27 21:06 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-27 19:27 . 2010-06-27 19:27 29184 ----a-w- c:\documents and settings\Stephen\Application Data\PirateGalaxy\putenv.dll

2010-06-27 19:27 . 2010-06-27 19:27 -------- d-----w- c:\documents and settings\Stephen\Application Data\PirateGalaxy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-22 18:27 . 2004-08-04 03:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2010-07-22 18:05 . 2010-05-03 04:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-21 17:29 . 2010-02-16 04:12 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-21 08:25 . 2010-03-28 04:44 -------- d-----w- c:\documents and settings\Stephen\Application Data\HP

2010-07-21 08:24 . 2010-04-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 05:15 . 2005-06-20 01:16 11383 ----a-w- c:\windows\system32\nvModes.dat

2010-07-18 02:16 . 2010-02-16 04:12 -------- d-----w- c:\documents and settings\Stephen\Application Data\AdobeUM

2010-07-02 02:23 . 2010-06-09 23:21 -------- d-----w- c:\program files\Diablo II

2010-06-27 21:32 . 2010-02-05 02:16 -------- d-----w- c:\program files\Common Files\Apple

2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-09 23:59 . 2010-06-09 23:32 35667 ----a-w- c:\windows\DIIUnin.dat

2010-06-09 23:59 . 2010-06-08 04:22 21840 ----atw- c:\windows\system32\SIntfNT.dll

2010-06-09 23:59 . 2010-06-08 04:21 17212 ----atw- c:\windows\system32\SIntf32.dll

2010-06-09 23:59 . 2010-06-08 04:21 12067 ----atw- c:\windows\system32\SIntf16.dll

2010-06-09 23:32 . 2010-06-09 23:32 2829 ----a-w- c:\windows\DIIUnin.pif

2010-06-09 23:32 . 2010-06-09 23:32 94208 ----a-w- c:\windows\DIIUnin.exe

2010-06-09 23:17 . 2010-06-09 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-06-09 03:36 . 2010-06-09 03:36 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2010-06-09 03:36 . 2010-06-09 03:36 -------- d-----w- c:\program files\Nvidia Omega Drivers

2010-06-09 02:13 . 2010-06-09 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2010-06-07 01:41 . 2010-06-07 01:41 503808 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\msvcp71.dll

2010-06-07 01:41 . 2010-06-07 01:41 499712 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\jmc.dll

2010-06-07 01:41 . 2010-06-07 01:41 348160 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\msvcr71.dll

2010-06-07 01:41 . 2010-06-07 01:41 61440 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29346f3c-n\decora-sse.dll

2010-06-07 01:41 . 2010-06-07 01:41 12800 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29346f3c-n\decora-d3d.dll

2010-06-03 05:25 . 2010-02-05 02:18 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer

2010-06-03 05:25 . 2010-02-05 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-06-01 05:39 . 2005-06-20 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-28 11:14 . 2010-04-11 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall

2010-05-19 02:35 . 2010-05-19 02:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-19 02:35 . 2010-05-19 02:35 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-19 02:35 . 2010-05-19 02:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-03-15 546200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-01 4636672]

"nwiz"="nwiz.exe" [2004-12-01 921600]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-16 141624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Stephen\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-19 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/6/2010 9:48 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/6/2010 9:48 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/6/2010 9:48 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100720.001\IDSXpx86.sys [7/20/2010 4:46 PM 331640]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/6/2010 9:48 AM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 5:23 AM 102448]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 4:51 PM 136176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB

*Deregistered* - klmdb

.

Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 02:51]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 02:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-22 08:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1396)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

Completion time: 2010-07-22 08:50:01

ComboFix-quarantined-files.txt 2010-07-22 18:49

Pre-Run: 60,160,446,464 bytes free

Post-Run: 60,264,681,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4531659ABB1346B271BF41F34528B794


Note: You should remove BitTorrent. P2P (peer-to-peer) software is very risky, because it makes you very susceptible to infection, attack, and exposure of personal or company information. But this is up to you to remove BitTorrent. If you want to remove BitTorrent, perform the next steps. If not, let me know and we will remove the tools we used.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

BitTorrent

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Folder::
c:\documents and settings\Stephen\Application Data\BitTorrent
c:\program files\BitTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Sir,

I just want to say thank you so much for helping me do this. People like you give me hope for the future of my children. Thanks.

I would like to remove BitTorrent since it was likely the start of all my problems. I followed the remove program instructions through the control panel. It removed BitTorrent from the list and took me to a website that basically said the webpage could no longer be found. BitTorrent is still in my start menu.

Anyways, I continued to follow your directions and ran combofix again. Thanks.

ComboFix 10-07-22.01 - Stephen 07/22/2010 10:20:09.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.459 [GMT -10:00]

Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Stephen\Application Data\BitTorrent

c:\documents and settings\Stephen\Application Data\BitTorrent\dht.dat

c:\documents and settings\Stephen\Application Data\BitTorrent\dht.dat.old

c:\documents and settings\Stephen\Application Data\BitTorrent\resume.dat

c:\documents and settings\Stephen\Application Data\BitTorrent\resume.dat.old

c:\documents and settings\Stephen\Application Data\BitTorrent\rss.dat

c:\documents and settings\Stephen\Application Data\BitTorrent\rss.dat.old

c:\documents and settings\Stephen\Application Data\BitTorrent\settings.dat

c:\documents and settings\Stephen\Application Data\BitTorrent\settings.dat.old

.

((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))

.

2010-07-21 09:17 . 2010-07-21 09:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-21 08:31 . 2010-07-21 08:31 -------- d-----w- c:\documents and settings\Stephen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2010-07-21 07:56 . 2010-04-30 01:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-21 07:56 . 2010-04-30 01:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 07:56 . 2010-07-21 07:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-19 05:53 . 2010-07-19 05:53 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\sflgdferx

2010-07-14 09:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-05 06:33 . 2010-07-05 06:33 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\HandBrake

2010-07-05 06:32 . 2010-07-05 06:54 -------- d-----w- c:\documents and settings\Stephen\Application Data\HandBrake

2010-07-05 06:32 . 2010-07-05 20:20 -------- d-----w- c:\program files\Handbrake

2010-07-05 06:09 . 2010-07-05 06:09 -------- d-----w- c:\documents and settings\Stephen\Application Data\MPEG Streamclip

2010-07-05 05:29 . 2010-07-05 05:29 -------- d-----w- c:\program files\Xvid

2010-07-05 05:29 . 2009-06-08 02:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-07-05 05:29 . 2009-06-08 02:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-07-02 04:20 . 2010-07-19 03:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-02 04:19 . 2010-07-02 04:20 -------- d-----w- c:\documents and settings\Stephen\Application Data\Oberon Media

2010-07-02 04:19 . 2010-07-02 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\program files\Common Files\Oberon Media

2010-07-02 04:19 . 2010-07-02 04:20 -------- d-----w- c:\program files\GamesBar

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media

2010-07-02 04:19 . 2010-07-02 04:19 -------- d-----w- c:\program files\MSN Games

2010-06-27 21:32 . 2010-06-27 21:32 -------- d-----w- c:\program files\iPod

2010-06-27 21:32 . 2010-06-27 21:33 -------- d-----w- c:\program files\iTunes

2010-06-27 21:32 . 2010-06-27 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-27 21:26 . 2010-06-27 21:27 -------- d-----w- c:\program files\QuickTime

2010-06-27 21:20 . 2010-06-27 21:20 -------- d-----w- c:\program files\Bonjour

2010-06-27 19:27 . 2010-06-27 19:27 -------- d-----w- c:\documents and settings\Stephen\Application Data\PirateGalaxy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-22 18:27 . 2004-08-04 03:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2010-07-22 18:05 . 2010-05-03 04:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-21 17:29 . 2010-02-16 04:12 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-21 08:25 . 2010-03-28 04:44 -------- d-----w- c:\documents and settings\Stephen\Application Data\HP

2010-07-21 08:24 . 2010-04-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 05:15 . 2005-06-20 01:16 11383 ----a-w- c:\windows\system32\nvModes.dat

2010-07-20 02:40 . 2010-07-20 02:40 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-07-18 02:16 . 2010-02-16 04:12 -------- d-----w- c:\documents and settings\Stephen\Application Data\AdobeUM

2010-07-02 02:23 . 2010-06-09 23:21 -------- d-----w- c:\program files\Diablo II

2010-06-27 21:32 . 2010-02-05 02:16 -------- d-----w- c:\program files\Common Files\Apple

2010-06-27 21:06 . 2010-06-27 21:06 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-27 19:27 . 2010-06-27 19:27 29184 ----a-w- c:\documents and settings\Stephen\Application Data\PirateGalaxy\putenv.dll

2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-09 23:59 . 2010-06-09 23:32 35667 ----a-w- c:\windows\DIIUnin.dat

2010-06-09 23:59 . 2010-06-08 04:22 21840 ----atw- c:\windows\system32\SIntfNT.dll

2010-06-09 23:59 . 2010-06-08 04:21 17212 ----atw- c:\windows\system32\SIntf32.dll

2010-06-09 23:59 . 2010-06-08 04:21 12067 ----atw- c:\windows\system32\SIntf16.dll

2010-06-09 23:32 . 2010-06-09 23:32 2829 ----a-w- c:\windows\DIIUnin.pif

2010-06-09 23:32 . 2010-06-09 23:32 94208 ----a-w- c:\windows\DIIUnin.exe

2010-06-09 23:17 . 2010-06-09 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-06-09 03:36 . 2010-06-09 03:36 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2010-06-09 03:36 . 2010-06-09 03:36 -------- d-----w- c:\program files\Nvidia Omega Drivers

2010-06-09 02:13 . 2010-06-09 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2010-06-07 01:41 . 2010-06-07 01:41 503808 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\msvcp71.dll

2010-06-07 01:41 . 2010-06-07 01:41 499712 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\jmc.dll

2010-06-07 01:41 . 2010-06-07 01:41 348160 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b072b9e-n\msvcr71.dll

2010-06-07 01:41 . 2010-06-07 01:41 61440 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29346f3c-n\decora-sse.dll

2010-06-07 01:41 . 2010-06-07 01:41 12800 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29346f3c-n\decora-d3d.dll

2010-06-03 05:25 . 2010-02-05 02:18 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer

2010-06-03 05:25 . 2010-02-05 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-06-01 05:39 . 2005-06-20 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-28 11:14 . 2010-04-11 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall

2010-05-19 02:35 . 2010-05-19 02:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-19 02:35 . 2010-05-19 02:35 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-19 02:35 . 2010-05-19 02:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-07-22_18.47.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-22 20:28 . 2010-07-22 20:28 16384 c:\windows\Temp\Perflib_Perfdata_320.dat

+ 2010-07-22 20:26 . 2010-07-22 20:26 16384 c:\windows\Temp\Perflib_Perfdata_2d4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-03-15 546200]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-01 4636672]

"nwiz"="nwiz.exe" [2004-12-01 921600]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-16 141624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Stephen\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-19 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/6/2010 9:48 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/6/2010 9:48 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/6/2010 9:48 AM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100720.001\IDSXpx86.sys [7/20/2010 4:46 PM 331640]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/6/2010 9:48 AM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 5:23 AM 102448]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 4:51 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 02:51]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 02:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-22 10:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1404)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1924)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\progra~1\Intel\Wireless\Bin\1XConfig.exe

c:\program files\Apoint\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\HPZinw12.exe

.

**************************************************************************

.

Completion time: 2010-07-22 10:36:37 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-22 20:36

ComboFix2.txt 2010-07-22 18:50

Pre-Run: 60,282,839,040 bytes free

Post-Run: 60,269,924,352 bytes free

- - End Of File - - 1D8D88D8280CF352746560B2ED1E0219


Right click on BitTorrent in the start menu and click Delete.

There are some older versions of Java on your computer. These can be a source of infection.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u120 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox, you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


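The "remove all older versions of Java" step above is easy to get wrong when several JRE releases are stacked on one machine. The following PowerShell is an added example, not part of the original post or any Malwarebytes tool: it lists the runtimes the Java installers registered under HKLM\SOFTWARE\JavaSoft and flags any older than the 1.6.0_21 the post tells the user to install, so the cleanup can be verified after the reboot. It assumes the JavaSoft registry layout (one subkey per full version such as "1.6.0_21", plus family keys such as "1.6") and the target version; both are assumptions marked in the code.

```powershell
# Added example (not from the original post): audit installed Java runtimes
# against the version the post asks for. Runs on Windows PowerShell 2.0+.
# Assumptions: JavaSoft registry layout and the target version below.

$TargetVersion = [version]'1.6.0.21'   # assumed target: JRE 6 Update 21, as in the post

$JavaSoftRoots = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'   # 32-bit JRE on 64-bit Windows
)

function ConvertTo-JavaVersion([string]$KeyName) {
    # "1.6.0_21" -> 1.6.0.21 ; family keys such as "1.6" return $null.
    if ($KeyName -match '^(\d+)\.(\d+)\.(\d+)_(\d+)$') {
        return [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
    }
    return $null
}

function Get-InstalledJavaRuntimes {
    # One object per registered full version, with whether it is older than
    # the target and whether its JavaHome directory still exists on disk
    # (a key left behind with no files is a stale uninstall, not a live JRE).
    foreach ($root in $JavaSoftRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $version = ConvertTo-JavaVersion $key.PSChildName
            if ($null -eq $version) { continue }
            $javaHome = (Get-ItemProperty -Path $key.PSPath).JavaHome
            New-Object PSObject -Property @{
                Key      = $key.PSChildName
                Version  = $version
                JavaHome = $javaHome
                Outdated = ($version -lt $TargetVersion)
                Present  = ($javaHome -ne $null -and (Test-Path $javaHome))
            }
        }
    }
}

$runtimes = Get-InstalledJavaRuntimes
$runtimes | Sort-Object Version | Format-Table Key, Outdated, Present, JavaHome -AutoSize

$stale = @($runtimes | Where-Object { $_.Outdated })
if ($stale.Count -gt 0) {
    Write-Warning ("{0} Java runtime(s) older than {1} are still registered; remove them via Add/Remove Programs." -f $stale.Count, $TargetVersion)
}
```

Run it once before the uninstalls to see what is stacked, and once after the reboot; the goal is a single row, not Outdated, with Present = True. The java.com test page only reports the version the browser plug-in loads, so it can show 1.6.0_21 while an older, exploitable JRE is still installed alongside it; the registry view catches that.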
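The Internet Explorer hardening steps above are six clicks in the Custom Level dialog, which is easy to mis-set and impossible to re-check without opening the dialog again. The following PowerShell is an added example, not part of the original post: it audits, and optionally applies, those six settings by reading and writing the registry values that the dialog itself writes. It assumes Microsoft's documented layout for IE security zones (the per-user Zones\3 key for the Internet zone and the numeric action IDs), with 0 = Enable, 1 = Prompt, 3 = Disable; those IDs and the key path are the assumptions marked in the code.

```powershell
# Added example (not from the original post): audit and apply the six
# Internet-zone settings the post lists. Runs on Windows PowerShell 2.0+.
# Assumptions: per-user Internet zone key and action IDs per Microsoft's
# documented IE security-zone registry layout. 0 = Enable, 1 = Prompt, 3 = Disable.

$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state, taken from the list in the post.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Wanted = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Wanted = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Wanted = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Wanted = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Wanted = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Wanted = 1 }
)

function ConvertTo-ActionLabel($Value) {
    # Map the DWORD to the label the dialog shows; $null means the value is absent.
    if ($null -eq $Value) { return 'Not set' }
    if ($Value -eq 0)     { return 'Enable' }
    if ($Value -eq 1)     { return 'Prompt' }
    if ($Value -eq 3)     { return 'Disable' }
    return "Unknown ($Value)"
}

function Get-InternetZoneState {
    # One object per setting: current value, wanted value, and whether they match.
    foreach ($s in $Recommended) {
        $current = $null
        $props = Get-ItemProperty -Path $InternetZoneKey -Name $s.Id -ErrorAction SilentlyContinue
        if ($props -ne $null) { $current = $props.($s.Id) }
        New-Object PSObject -Property @{
            Id        = $s.Id
            Setting   = $s.Name
            Current   = ConvertTo-ActionLabel $current
            Wanted    = ConvertTo-ActionLabel $s.Wanted
            Compliant = ($current -ne $null -and [int]$current -eq $s.Wanted)
        }
    }
}

function Set-InternetZoneState {
    # Write the wanted values for the current user; supports -WhatIf to preview.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($s in $Recommended) {
        $target = "$InternetZoneKey\$($s.Id)"
        if ($PSCmdlet.ShouldProcess($target, "Set $($s.Name) to $(ConvertTo-ActionLabel $s.Wanted)")) {
            Set-ItemProperty -Path $InternetZoneKey -Name $s.Id -Value $s.Wanted -Type DWord
        }
    }
}

# Usage: show the audit first, then apply (remove -WhatIf to write).
Get-InternetZoneState | Format-Table Id, Setting, Current, Wanted, Compliant -AutoSize
Set-InternetZoneState -WhatIf
```

Run the audit again after closing and reopening Internet Explorer, since IE re-reads the zone key at start. One caveat a practitioner should know: if Security_HKLM_only is set to 1 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, or zone settings are pushed by Group Policy, the per-user values this script writes are ignored and the machine-wide Zones\3 key (or the policy) is what applies, so check there if the audit keeps reporting non-compliance after a write.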