
As in description, got rid of most of the malware, but some of it is still there and is preventing me from accessing google.com.

Here is all the info you need, I think:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6240

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/1/2011 3:46:33 PM

mbam-log-2011-04-01 (15-46-33).txt

Scan type: Quick scan

Objects scanned: 168787

Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS text:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by German at 13:37:45.28 on Fri 04/01/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2077 [GMT -4:00]

.

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mobiola Headset for iPhone\MobiolaWaveService.exe

C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

H:\games2\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Documents and Settings\GERY\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZUxdm2655QUS&ptb=IJy7gh1A2oKjxn.60DMLBw&n=77cfe139

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [steam] "h:\games2\steam.exe" -silent

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MpsOnn] c:\windows\system32\spool\drivers\w32x86\3\MpsOnn.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

Trusted Zone: ninjavideo.net\www

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240459484072

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 213.175.216.204 google.com www.google.com

Hosts: 213.175.216.205 mail.google.com

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\gery\applic~1\mozilla\firefox\profiles\s1hygsxh.default\

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm2655QUS&ptb=IJy7gh1A2oKjxn.60DMLBw&psa=&ind=2010112313&ptnrS=ZUxdm2655QUS&si=142522&st=kwd&n=77cfe139&searchfor=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [2009-5-10 15872]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-23 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys [2011-3-10 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys [2011-3-10 173104]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-30 11608]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2011-3-10 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys [2011-3-10 116784]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-30 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-30 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-30 61960]

R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-4-22 68136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\mobiola headset for iphone\MobiolaWaveService.exe [2011-1-16 123840]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe [2011-3-10 126392]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-4-22 35840]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-9 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110310.002\IDSXpx86.sys [2011-3-10 341944]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2011-1-16 24128]

R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2010-11-10 26512]

S0 xvyptryj;xvyptryj;c:\windows\system32\drivers\iorbcnnq.sys --> c:\windows\system32\drivers\iorbcnnq.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 BTCARD;3DSP Bluetooth Card v2.0;c:\windows\system32\drivers\btcard.sys --> c:\windows\system32\drivers\btcard.sys [?]

S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-4-22 24944]

S3 MFCARD;3DSP WLAN and BlueTooth Card;c:\windows\system32\drivers\tdspbus.sys --> c:\windows\system32\drivers\tdspbus.sys [?]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110311.025\NAVENG.SYS [2011-3-12 86008]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110311.025\NAVEX15.SYS [2011-3-12 1360760]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-30 18432]

S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-4-22 28416]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-4-22 17408]

S3 WLAN3DSPXP;3DSP WLAN Card;c:\windows\system32\drivers\wltbus50.sys --> c:\windows\system32\drivers\wltbus50.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S4 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

.

=============== Created Last 30 ================

.

2011-03-30 21:03:02 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-30 21:03:00 -------- d-----w- c:\program files\Avira

2011-03-30 21:03:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-03-27 02:54:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-27 02:54:47 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-03-27 02:54:47 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-03-27 02:54:47 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-03-27 02:54:47 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-03-27 02:54:47 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-03-27 02:54:47 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-03-27 02:54:47 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-03-11 22:57:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-11 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-10 19:25:46 501888 ----a-w- c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys

2011-03-10 19:25:46 43696 ----a-w- c:\windows\system32\drivers\nav\1108000.005\srtspx.sys

2011-03-10 19:25:46 361904 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symtdi.sys

2011-03-10 19:25:46 339504 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symtdiv.sys

2011-03-10 19:25:46 328752 ----a-r- c:\windows\system32\drivers\nav\1108000.005\symds.sys

2011-03-10 19:25:46 325680 ----a-w- c:\windows\system32\drivers\nav\1108000.005\srtsp.sys

2011-03-10 19:25:46 173104 ----a-w- c:\windows\system32\drivers\nav\1108000.005\symefa.sys

2011-03-10 19:25:46 116784 ----a-w- c:\windows\system32\drivers\nav\1108000.005\ironx86.sys

2011-03-10 19:25:36 -------- d-----w- c:\windows\system32\drivers\nav\1108000.005

2011-03-09 04:38:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-03-09 04:38:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-09 04:38:05 -------- d-----w- c:\program files\Symantec

2011-03-09 04:38:05 -------- d-----w- c:\program files\common files\Symantec Shared

2011-03-09 04:37:44 -------- d-----w- c:\windows\system32\drivers\NAV

2011-03-09 04:37:43 -------- d-----w- c:\program files\Norton AntiVirus

2011-03-09 04:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2011-03-09 04:36:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2011-03-09 04:23:04 98816 ----a-w- c:\windows\sed.exe

2011-03-09 04:23:04 89088 ----a-w- c:\windows\MBR.exe

2011-03-09 04:23:04 256512 ----a-w- c:\windows\PEV.exe

2011-03-09 04:23:04 161792 ----a-w- c:\windows\SWREG.exe

.

==================== Find3M ====================

.

2011-04-01 15:40:34 16608 ----a-w- c:\windows\gdrv.sys

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 13:38:42.14 ===============

Thanks in advance for the help, you guys do a great job here!


That looks like some hosts file hijacking.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

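The hosts-file hijacking the helper points to is visible in the DDS log as the "Hosts:" lines that pin google.com and a few other names to remote addresses. The following is an added example, not code from the thread, from DDS or from ComboFix: it parses either a raw hosts file or the "Hosts:" lines DDS prints and reports every name that is sent to a remote address instead of the local machine. The sample input is constructed from the entries shown in the log plus two benign lines a stock hosts file may carry.

```python
"""Spot hosts-file hijacking like the 'Hosts:' lines in the DDS log above."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class HostsEntry(NamedTuple):
    address: str
    hostname: str
    line_no: int


# DDS prints each hosts-file line prefixed with "Hosts: "; strip that if present.
_DDS_PREFIX = re.compile(r"^\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Turn hosts-file text (or DDS 'Hosts:' lines) into one entry per hostname.

    A hosts line is '<address> <name> [<name> ...]'; '#' starts a comment.
    Lines whose first field is not an IP address are skipped, so a whole DDS
    log can be fed in and only its hosts lines are picked up.
    """
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = _DDS_PREFIX.sub("", raw).split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts line
        for name in fields[1:]:
            entries.append(HostsEntry(fields[0], name.lower().rstrip("."), line_no))
    return entries


def is_local_sink(address: str) -> bool:
    """True for addresses that point back at this machine or nowhere at all.

    Loopback (127.x / ::1) and the unspecified address (0.0.0.0) are what a
    stock hosts file and ad-blocking hosts lists use; any other address sends
    the traffic to a real remote host.
    """
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def find_redirections(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that pin a hostname to a remote address (the hijack pattern)."""
    return [e for e in entries if not is_local_sink(e.address)]


def group_by_address(redirections: List[HostsEntry]) -> Dict[str, List[str]]:
    """Map each remote address to the hostnames pinned to it.

    Several names sharing one remote address is the signature of a single
    redirect target, as with google.com and www.google.com in the log.
    """
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in redirections:
        groups[e.address].append(e.hostname)
    return dict(groups)


def report(text: str) -> List[str]:
    """One human-readable line per remote address, for a hosts file or DDS log."""
    groups = group_by_address(find_redirections(parse_hosts(text)))
    return [f"{addr}: {', '.join(names)}" for addr, names in sorted(groups.items())]


# Constructed sample: the 'Hosts:' lines from the DDS log above, plus a stock
# localhost line and an ad-blocking style entry that must not be flagged.
SAMPLE = """\
# stock header comment
127.0.0.1       localhost
Hosts: 213.175.216.204 google.com www.google.com
Hosts: 213.175.216.205 mail.google.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
0.0.0.0 ads.example.invalid   # sinkhole-style entry, not a hijack
"""


if __name__ == "__main__":
    for line in report(SAMPLE):
        print("REDIRECTED ->", line)
```

On a live machine the same check can be pointed at %SystemRoot%\system32\drivers\etc\hosts, and any name that is not deliberately pinned there should come back empty.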

Ah, that may have fixed it, but here is the log just in case.

ComboFix 11-04-03.01 - German 04/03/2011 20:59:48.7.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2661 [GMT -4:00]

Running from: c:\documents and settings\GERY\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_WMPNetworkSvc

.

.

((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))

.

.

2011-03-30 21:03 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-03-30 21:03 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-30 21:03 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-03-30 21:03 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-03-30 21:03 . 2011-03-30 21:03 -------- d-----w- c:\program files\Avira

2011-03-30 21:03 . 2011-03-30 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-03-27 02:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-03-27 02:54 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-03-27 02:54 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-03-27 02:54 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-03-27 02:54 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-03-27 02:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-03-27 02:54 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-03-27 02:54 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-03-11 22:57 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-11 22:56 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-09 04:38 . 2011-03-09 04:40 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-03-09 04:38 . 2011-03-09 04:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-03-09 04:38 . 2011-03-09 04:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-09 04:38 . 2011-03-09 04:38 -------- d-----w- c:\program files\Symantec

2011-03-09 04:37 . 2011-03-11 16:22 -------- d-----w- c:\windows\system32\drivers\NAV

2011-03-09 04:37 . 2011-03-09 04:37 -------- d-----w- c:\program files\Norton AntiVirus

2011-03-09 04:37 . 2011-03-11 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-04 01:06 . 2009-04-22 16:02 16608 ----a-w- c:\windows\gdrv.sys

2011-02-09 13:53 . 2009-04-23 19:19 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-09 13:53 . 2009-04-23 19:19 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58 . 2009-04-23 19:19 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-04-23 19:19 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2009-04-23 19:19 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2009-04-23 19:19 290048 ----a-w- c:\windows\system32\atmfd.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2011-03-18 17:53 . 2011-03-27 02:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-03-09_04.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-04 01:06 . 2011-04-04 01:06 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat

+ 2011-04-04 01:07 . 2011-04-04 01:07 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat

+ 2010-04-23 06:47 . 2010-06-18 04:59 15880 c:\windows\system32\lsdelete.exe

- 2010-04-23 06:47 . 2010-04-23 04:59 15880 c:\windows\system32\lsdelete.exe

+ 2011-03-30 21:03 . 2010-06-17 18:27 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2011-03-10 19:25 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\NAV\1108000.005\srtspx.sys

- 2009-04-23 19:19 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll

+ 2009-04-23 19:19 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll

+ 2001-08-23 12:00 . 2011-04-03 23:39 746654 c:\windows\system32\perfh009.dat

+ 2001-08-23 12:00 . 2011-04-03 23:39 182920 c:\windows\system32\perfc009.dat

+ 2011-03-23 20:04 . 2011-03-23 20:04 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe

+ 2011-03-10 19:25 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\NAV\1108000.005\symtdiv.sys

+ 2011-03-10 19:25 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\NAV\1108000.005\symtdi.sys

+ 2011-03-10 19:25 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\NAV\1108000.005\symefa.sys

+ 2011-03-10 19:25 . 2009-08-30 00:17 328752 c:\windows\system32\drivers\NAV\1108000.005\symds.sys

+ 2011-03-10 19:25 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\NAV\1108000.005\srtsp.sys

+ 2011-03-10 19:25 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\NAV\1108000.005\ironx86.sys

+ 2011-03-10 19:25 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\NAV\1108000.005\cchpx86.sys

+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll

+ 2010-01-27 01:07 . 2011-03-23 20:04 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2010-01-27 01:07 . 2011-03-07 03:08 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="h:\games2\steam.exe" [2010-11-17 1242448]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"MpsOnn"="c:\windows\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe" [2007-05-28 28232]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]

TPSvc.dll [bU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Gigabyte\\GBTUpd\\GBTUpd.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"h:\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"h:\\Games2\\Steam.exe"=

"h:\\Games2\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"h:\\Games2\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Mobiola Webcam for iPhone\\WebcamForIPhone.exe"=

"c:\\Program Files\\Mobiola Headset for iPhone\\HeadsetForIPhone.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [5/10/2009 11:38 PM 15872]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/23/2010 12:59 AM 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\symds.sys [3/10/2011 3:25 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\symefa.sys [3/10/2011 3:25 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/10/2011 5:48 PM 800376]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\cchpx86.sys [3/10/2011 3:25 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\ironx86.sys [3/10/2011 3:25 PM 116784]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/30/2011 5:03 PM 135336]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4/22/2009 12:03 PM 68136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]

R2 Mobiola Wave Service;Mobiola Wave Service;c:\program files\Mobiola Headset for iPhone\MobiolaWaveService.exe [1/16/2011 2:28 PM 123840]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe [3/10/2011 3:25 PM 126392]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [4/22/2009 12:53 PM 35840]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/9/2011 12:54 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110310.002\IDSXpx86.sys [3/10/2011 6:48 PM 341944]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]

R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [1/16/2011 2:28 PM 24128]

R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [11/10/2010 3:52 PM 26512]

S0 xvyptryj;xvyptryj;c:\windows\system32\drivers\iorbcnnq.sys --> c:\windows\system32\drivers\iorbcnnq.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 BTCARD;3DSP Bluetooth Card v2.0;c:\windows\system32\DRIVERS\btcard.sys --> c:\windows\system32\DRIVERS\btcard.sys [?]

S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [4/22/2009 12:52 PM 24944]

S3 MFCARD;3DSP WLAN and BlueTooth Card;c:\windows\system32\DRIVERS\tdspbus.sys --> c:\windows\system32\DRIVERS\tdspbus.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/30/2009 1:39 PM 18432]

S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [4/22/2009 12:53 PM 28416]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [4/22/2009 12:53 PM 17408]

S3 WLAN3DSPXP;3DSP WLAN Card;c:\windows\system32\DRIVERS\wltbus50.sys --> c:\windows\system32\DRIVERS\wltbus50.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

S4 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

S4 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/23/2009 5:51 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:59]

.

2011-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-04-04 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-26 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZUxdm2655QUS&ptb=IJy7gh1A2oKjxn.60DMLBw&n=77cfe139

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: ninjavideo.net\www

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB

FF - ProfilePath - c:\documents and settings\GERY\Application Data\Mozilla\Firefox\Profiles\s1hygsxh.default\

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm2655QUS&ptb=IJy7gh1A2oKjxn.60DMLBw&psa=&ind=2010112313&ptnrS=ZUxdm2655QUS&si=142522&st=kwd&n=77cfe139&searchfor=

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-NAV - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.8.0.5\InstStub.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-03 21:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-842925246-1085031214-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:9e,f5,a5,e2,73,7f,71,19,3d,9f,d2,aa,20,8a,c0,44,9b,db,6f,77,ea,c3,33,

ef,d2,c8,72,ac,cc,65,c8,d0,92,9b,66,43,4a,49,68,70,66,9c,72,fd,23,1e,b8,bd,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-842925246-1085031214-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:b1,e4,f0,1a,45,dd,dd,af,1d,eb,6b,b3,49,3d,5b,b0,0f,90,43,8f,5b,

b2,f7,3c,8e,3d,35,b9,6b,a2,5f,f4,c4,5a,d6,8e,7e,1a,a3,37,90,28,5e,f3,2c,42,\

"rkeysecu"=hex:5c,cc,c5,30,58,58,e2,d2,cd,2d,08,b5,64,df,c6,3b

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\


I'm glad to hear that! :)

Do you use MyWebSearch as a search engine by choice? If not, please uninstall it using Add/Remove Programs.

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm


Oh, the MyWebSearch thing on Internet Explorer? Not sure how that got on there; I hardly ever use Internet Explorer, only Firefox.

C:\Documents and Settings\GERY\Application Data\Sun\Java\Deployment\cache\6.0\0\39f29c0-3ee976b5 Java/Exploit.Agent.NAA trojan deleted - quarantined

C:\Documents and Settings\GERY\Desktop\NAV10.17.0.0.136_[RH].rar Win32/Packed.Autoit.E.Gen application deleted - quarantined

C:\Documents and Settings\GERY\Desktop\NAV10.17.0.0.136_[RH]\Norton AntiVirus 2010 v17.0.0.136\BOX_NTR_v1.4.0_BETA.Edition\BOX_NTR2010_v1.4BE.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\GERY\Application Data\0057160A8450E45B4E6757EF72C932AC\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030621.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030623.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030624.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030625.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030626.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030627.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030628.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030629.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030630.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030631.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030632.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030633.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030634.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030635.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030638.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030639.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030641.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030643.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030645.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030646.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030647.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030649.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030650.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030651.EXE Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030652.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030653.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030654.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030655.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030656.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030657.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030658.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030659.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP277\A0030668.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031372.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031373.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031374.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031375.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031376.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031377.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031378.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031379.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031380.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031381.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031382.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031383.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031384.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031385.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031386.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031387.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031388.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031389.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031390.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031391.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031392.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031393.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031394.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031395.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031396.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031397.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031398.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031399.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031400.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031401.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031402.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031403.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031404.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031405.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031406.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031407.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031408.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031409.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031410.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031411.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031412.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031413.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031414.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031415.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031416.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031417.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031418.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031419.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031420.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031421.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031422.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031423.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031424.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031425.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP279\A0031426.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{A6D84243-D2BD-431B-A1EA-6EB5C3E67426}\RP300\A0035932.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\104 notte senza fine.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\astro avenger 2 v2.0.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\business_cycles_dynamics_3540321675_.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\c77) [maniac street ] plug in baby.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\cose_che_non_sisedranno_piu.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\design learning and planning about mintzberg and ansoff.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\direct.contact.2009.pl.dvdrip.xvid.ac3 konik.[oslonet.net].rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\e. e.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\encyclopedie des plantes medicinales.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\final_thoughts_and_the_last_day.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\FindBack.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\ICU New Patient Evaluation.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\introducing windows server 2008 r2 (2010) (malestrom).rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\jaeger werner_paideia_libro primero(doc).exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\klaus.hallen. .formation.dancing.by.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\la_liberta _di_volare.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\machado celso toada1.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\main_menu_welcome.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\manifestacion con npadre.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\moriarty see why but this is a lonesome town mp3.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\nds) 0062 madagascar (u)(lube).rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\next.en.de.dd.5.1.dvd5.by.ubr. .rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\noah.s.ark.deluxe.1.1.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\osprey elite no.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\paul mounsey (02) nahoo too (1997)_[320kbps].zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\pdf concord 1027 firepower pictorials 1992 m 60.rar a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\raw_bleach_ch333.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\rez champignon rezepte wdr.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\salata exotica cu nuci.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\tim lahaye jerry jenkins left behind series 4 soul harvest.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\tlf soft gnomonology.textures.belt.pack.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\vCaller ID Basic.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\wind power plans.exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\[aviation magazine] avions 093.zip a variant of Win32/Agent.WRY trojan deleted - quarantined

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming\[subpig][triangle ep11 finale].exe a variant of Win32/Agent.WRY trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\etc\hosts.nav Win32/Qhost trojan cleaned by deleting - quarantined


ESET already took care of My Websearch as well as some other leftovers. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a random named file)

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
