Jump to content

Recommended Posts

Hello this is my mother's computer not sure what she has going on, but malwarebytes will not install because it will not install the registry key.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:41:19 PM, on 5/15/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

F:\kennedy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin1.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: TheFreeDictionarycom - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin1.dll

O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll

O3 - Toolbar: TheFreeDictionarycom Toolbar - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [setDefaultMIDI] MIDIDef.exe (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'marc')

O4 - HKUS\S-1-5-21-4281344322-186278165-812028621-501\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Guest')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--

End of file - 9916 bytes

Link to post
Share on other sites

I was able to run mbam under another user on this computer however when i am using her username and try to run mbam i get PROGRAM_ERROR_NO_ITEMS_SELECTED (0,0) here is the mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6586

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/16/2011 7:20:38 AM

mbam-log-2011-05-16 (07-20-14).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)

Objects scanned: 479629

Time elapsed: 9 hour(s), 36 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 34

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> No action taken.

Files Infected:

c:\my backup -- 09-10-10 1051pm\documents and settings\Owner\local settings\application data\Temp\BIT5B.tmp (Trojan.P2P.Worm) -> No action taken.

c:\my backup -- 09-10-10 1051pm\documents and settings\Owner\local settings\application data\Temp\{1c0103d5-874e-485d-b31e-bfb52b7d167c} (Trojan.P2P.Worm) -> No action taken.

c:\my backup -- 09-10-10 1051pm\documents and settings\Owner\my documents\marc's stuff\google_updater.exe (Trojan.Agent) -> No action taken.

c:\program files\Shared\lib.sig (Adware.Deepdive) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\pstextlinks.xpt (PUP.PlaySushi) -> No action taken.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Thank you!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6586

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/19/2011 6:43:37 PM

mbam-log-2011-05-19 (18-43-30).txt

Scan type: Quick scan

Objects scanned: 224997

Time elapsed: 23 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> No action taken.

Files Infected:

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\pstextlinks.xpt (PUP.PlaySushi) -> No action taken.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by marc at 18:45:26 on 2011-05-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2002 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\porkchop\mbam.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Documents and Settings\marc\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573

mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114

mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114

uURLSearchHooks: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm0761UUS&si=&a=yji2AH1PWs5hOxKgEXusSg&n=2010041501

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/html - {6ce0243e-ae48-4d9d-8d46-6b149f2fe954} -

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-2 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-2 136312]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-2 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-13 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110518.001\IDSXpx86.sys [2011-5-18 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110519.002\NAVENG.SYS [2011-5-19 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110519.002\NAVEX15.SYS [2011-5-19 1542392]

S1 SASDIFSV;SASDIFSV;\??\g:\superantispyware\sasdifsv.sys --> g:\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\g:\superantispyware\saskutil.sys --> g:\superantispyware\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]

S3 GzOFBus;CASIO C721 USB Composite device driver;c:\windows\system32\drivers\GzOFBus.sys [2008-12-16 33408]

S3 GzOFMdm;CASIO C721 CDMA USB Modem;c:\windows\system32\drivers\GzOFMdm.sys [2008-12-16 54400]

S3 GzOFVsp;CASIO C721 USB Virtual Serial Port Driver;c:\windows\system32\drivers\GzOFVsp.sys [2008-12-16 54400]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

.

=============== Created Last 30 ================

.

2011-05-16 00:45:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-16 00:45:17 -------- d-----w- c:\program files\porkchop

2011-05-16 00:40:50 6144 ----a-w- c:\windows\~DFD20A.tmp

2011-05-15 23:35:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-15 23:35:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-02 22:31:49 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-05-02 22:31:48 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-05-02 22:31:48 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-05-02 22:31:47 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-05-02 22:31:47 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-05-02 22:31:46 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-05-02 22:31:46 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-05-02 22:31:45 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-05-02 22:31:06 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

.

==================== Find3M ====================

.

2011-05-19 23:19:36 256 ----a-w- c:\windows\system32\pool.bin

2011-05-15 00:05:54 256 ----a-w- c:\documents and settings\marc\pool.bin

2011-05-02 22:31:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-02 22:31:51 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 18:46:25.45 ===============

Link to post
Share on other sites

Forgot to update mbam sorry

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6620

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/19/2011 7:12:18 PM

mbam-log-2011-05-19 (19-12-13).txt

Scan type: Quick scan

Objects scanned: 226957

Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> No action taken.

Files Infected:

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> No action taken.

c:\documents and settings\Owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\pstextlinks.xpt (PUP.PlaySushi) -> No action taken.

Link to post
Share on other sites

ComboFix 11-05-26.01 - marc 05/26/2011 20:28:33.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2198 [GMT -5:00]

Running from: F:\trout.exe.exe

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\documents and settings\charlie\Application Data\PriceGong

c:\documents and settings\charlie\Application Data\PriceGong\Data\1.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\a.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\b.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\c.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\d.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\e.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\f.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\g.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\h.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\i.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\J.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\k.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\l.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\m.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\n.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\o.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\p.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\q.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\r.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\s.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\t.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\u.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\v.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\w.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\x.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\y.xml

c:\documents and settings\charlie\Application Data\PriceGong\Data\z.xml

c:\documents and settings\charlie\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\Application Data\PriceGong

c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\marc\Application Data\PriceGong

c:\documents and settings\marc\Application Data\PriceGong\Data\1.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\a.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\b.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\c.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\d.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\e.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\f.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\g.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\h.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\i.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\J.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\k.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\l.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\m.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\n.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\o.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\p.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\q.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\r.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\s.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\t.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\u.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\v.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\w.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\x.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\y.xml

c:\documents and settings\marc\Application Data\PriceGong\Data\z.xml

c:\documents and settings\marc\WINDOWS

c:\program files\Fast Browser Search

c:\program files\Shared

c:\program files\Shared\100_0701.jpg

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\settings.reg

c:\windows\system32\config\systemprofile\WINDOWS

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))

.

.

2011-05-27 01:20 . 2011-05-27 01:20 -------- d-----w- C:\32788R22FWJFW

2011-05-27 00:30 . 2011-05-27 00:30 -------- d-----w- c:\program files\Common Files\xing shared

2011-05-27 00:29 . 2011-05-27 00:29 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-25 03:19 . 2011-05-25 03:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\TheFreeDictionarycom

2011-05-20 01:20 . 2011-05-20 01:24 -------- d-----w- c:\documents and settings\marc\Application Data\Apple Computer

2011-05-20 01:19 . 2011-05-20 01:19 -------- d-----w- c:\program files\iPod

2011-05-20 01:19 . 2011-05-20 01:20 -------- d-----w- c:\program files\iTunes

2011-05-20 01:19 . 2011-05-20 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-05-20 01:18 . 2011-05-20 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-05-20 01:18 . 2011-05-20 01:18 -------- d-----w- c:\program files\Apple Software Update

2011-05-20 01:17 . 2011-05-20 01:17 -------- d-----w- c:\program files\Bonjour

2011-05-20 01:17 . 2011-05-20 01:19 -------- d-----w- c:\program files\Common Files\Apple

2011-05-20 01:17 . 2011-05-20 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-05-20 01:12 . 2011-05-20 01:12 -------- d-----w- c:\program files\MixMeister

2011-05-16 00:45 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-16 00:45 . 2011-05-16 00:45 -------- d-----w- c:\program files\porkchop

2011-05-16 00:40 . 2011-05-16 00:40 6144 ----a-w- c:\windows\~DFD20A.tmp

2011-05-15 23:35 . 2011-05-15 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-15 23:35 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-14 01:00 . 2011-05-14 02:23 -------- d-----w- c:\documents and settings\TEMP

2011-05-02 22:31 . 2011-05-03 13:55 -------- d-----w- c:\windows\system32\drivers\N360\0501000.01D

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-27 00:29 . 2003-08-13 01:17 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-27 00:29 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-22 02:25 . 2009-10-18 05:00 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-05-15 00:05 . 2009-12-18 21:15 256 ----a-w- c:\documents and settings\marc\pool.bin

2011-05-02 22:31 . 2010-10-24 04:36 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-02 22:31 . 2010-10-24 04:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33 . 2006-07-27 08:33 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2006-07-27 08:36 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2006-07-27 08:36 1857920 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-27 14:20 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1e06b91-60e6-4492-af9f-53043fa32716}]

2011-01-17 14:54 175912 ----a-w- c:\program files\TheFreeDictionarycom\prxtbThe0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-10-27 3908192]

"{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-10-27 3908192]

"{D1E06B91-60E6-4492-AF9F-53043FA32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-25 2923192]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 68856]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"P17Helper"="P17.dll" [2009-02-26 65536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-27 273544]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56687:TCP"= 56687:TCP:Pando Media Booster

"56687:UDP"= 56687:UDP:Pando Media Booster

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [5/2/2011 5:31 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [5/2/2011 5:31 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [5/18/2011 7:08 PM 802936]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [5/2/2011 5:31 PM 136312]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccsvchst.exe [5/2/2011 5:31 PM 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/13/2011 6:49 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110518.001\IDSXpx86.sys [5/18/2011 8:09 PM 341944]

S1 SASDIFSV;SASDIFSV;\??\g:\superantispyware\SASDIFSV.SYS --> g:\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\g:\superantispyware\SASKUTIL.SYS --> g:\superantispyware\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 2:10 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 2:10 AM 135664]

S3 GzOFBus;CASIO C721 USB Composite device driver;c:\windows\system32\drivers\GzOFBus.sys [12/16/2008 1:43 AM 33408]

S3 GzOFMdm;CASIO C721 CDMA USB Modem;c:\windows\system32\drivers\GzOFMdm.sys [12/16/2008 1:43 AM 54400]

S3 GzOFVsp;CASIO C721 USB Virtual Serial Port Driver;c:\windows\system32\drivers\GzOFVsp.sys [12/16/2008 1:43 AM 54400]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:10]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:10]

.

2011-05-27 c:\windows\Tasks\User_Feed_Synchronization-{F98D5209-2BAF-4076-9FF3-EBA769768EDF}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573

mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-26 20:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-05-26 20:36:54

ComboFix-quarantined-files.txt 2011-05-27 01:36

.

Pre-Run: 132,609,359,872 bytes free

Post-Run: 133,400,309,760 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 6C7FB3F55A2479D171B2CD9F3A47BB0D

Link to post
Share on other sites

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by marc at 20:48:37 on 2011-05-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2458 [GMT -5:00]

.

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\marc\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573

mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-2 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-2 136312]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-2 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-13 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110518.001\IDSXpx86.sys [2011-5-18 341944]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110526.002\NAVENG.SYS [2011-5-26 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110526.002\NAVEX15.SYS [2011-5-26 1542392]

S1 SASDIFSV;SASDIFSV;\??\g:\superantispyware\sasdifsv.sys --> g:\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\g:\superantispyware\saskutil.sys --> g:\superantispyware\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]

S3 GzOFBus;CASIO C721 USB Composite device driver;c:\windows\system32\drivers\GzOFBus.sys [2008-12-16 33408]

S3 GzOFMdm;CASIO C721 CDMA USB Modem;c:\windows\system32\drivers\GzOFMdm.sys [2008-12-16 54400]

S3 GzOFVsp;CASIO C721 USB Virtual Serial Port Driver;c:\windows\system32\drivers\GzOFVsp.sys [2008-12-16 54400]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

.

=============== Created Last 30 ================

.

2011-05-27 01:24:44 -------- d-sha-r- C:\cmdcons

2011-05-27 01:20:44 98816 ----a-w- c:\windows\sed.exe

2011-05-27 01:20:44 89088 ----a-w- c:\windows\MBR.exe

2011-05-27 01:20:44 256512 ----a-w- c:\windows\PEV.exe

2011-05-27 01:20:44 161792 ----a-w- c:\windows\SWREG.exe

2011-05-27 00:30:34 -------- d-----w- c:\program files\common files\xing shared

2011-05-27 00:29:42 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-20 01:19:40 -------- d-----w- c:\program files\iPod

2011-05-20 01:19:36 -------- d-----w- c:\program files\iTunes

2011-05-20 01:19:36 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-05-20 01:17:44 -------- d-----w- c:\program files\Bonjour

2011-05-20 01:12:34 -------- d-----w- c:\program files\MixMeister

2011-05-16 00:45:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-16 00:45:17 -------- d-----w- c:\program files\porkchop

2011-05-16 00:40:50 6144 ----a-w- c:\windows\~DFD20A.tmp

2011-05-15 23:35:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-15 23:35:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-02 22:31:49 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-05-02 22:31:48 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys

2011-05-02 22:31:48 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-05-02 22:31:47 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys

2011-05-02 22:31:47 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys

2011-05-02 22:31:46 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-05-02 22:31:46 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-05-02 22:31:45 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys

2011-05-02 22:31:06 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

.

==================== Find3M ====================

.

2011-05-27 00:32:57 256 ----a-w- c:\windows\system32\pool.bin

2011-05-27 00:29:44 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-05-27 00:29:44 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-22 02:25:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-05-15 00:05:54 256 ----a-w- c:\documents and settings\marc\pool.bin

2011-05-02 22:31:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-02 22:31:51 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:51:01.20 ===============

Link to post
Share on other sites

  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=5a6db41dcaf7e8479db1211eb129151e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-03 01:50:43

# local_time=2011-06-02 08:50:43 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3589 16777189 100 84 1706207 57634886 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=226518

# found=2

# cleaned=2

# scan_time=7053

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP561\A0175819.exe Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP564\A0178498.dll Win32/Adware.Gamevance.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Norton 360

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Flash Player Out of Date!

Adobe Flash Player 10.0.32.18

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Adobe Flash Player 10.0.32.18

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.