
Infected with some type of trojan



I did a scan with Malwarebytes and it came up with trojan.bho. I'm also getting redirected on Google, had something called funwebproducts (Not so fun heh), but it isn't showing up anymore (still getting redirected, though).

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Alex at 15:19:55.32 on Sat 06/11/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.53 [GMT -7:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\PROGRA~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE

C:\PROGRA~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Alex.YOUR-27E1513D96\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

uDefault_Page_URL = hxxp://www.msn.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

BHO: {001872df-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll

BHO: {00192b3e-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll

BHO: {0030e5be-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll

BHO: {0032567d-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll

BHO: {0061cb7c-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll

BHO: {0064acfb-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll

BHO: {00c396f8-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll

BHO: {00c959f7-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll

BHO: {01872df1-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll

BHO: {01a72c05-d6d6-4f46-a9f9-f1ee038b98ab} - c:\windows\system32\ativtmxx32.dll

BHO: {032567de-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll

BHO: {034e580b-d6d6-4f46-a9f9-f1ee038b98ab} - c:\windows\system32\ativtmxx32.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\4.3.0.5\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Lala Music Mover] "c:\program files\lala.com\lala music mover\LalaMover.exe" /minimized

mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [PCDrProfiler]

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [HostManager] c:\program files\common files\aol\1256577640\ee\AOLHostManager.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe

mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe

StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252091743875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\alex~1.you\applic~1\mozilla\firefox\profiles\mkcpxvmu.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\alex.your-27e1513d96\application data\mozilla\firefox\profiles\mkcpxvmu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\alex.your-27e1513d96\application data\mozilla\firefox\profiles\mkcpxvmu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-4-5 501888]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-1 54760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]

.

=============== Created Last 30 ================

.

2011-05-28 20:07:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-15 02:23:06 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp

.

==================== Find3M ====================

.

2011-04-05 00:44:12 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-04-03 23:32:31 0 ---ha-w- c:\documents and settings\alex.your-27e1513d96\qqaxzcpxhr.tmp

2011-04-01 00:40:05 323072 ----a-w- c:\windows\system32\ativtmxx32.dll

.

============= FINISH: 15:22:07.51 ===============

ark.zip

Attach.zip



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thanks for the help! Computer is still behaving the same (No changes), still getting redirected.

(Should I post the MBAM log? I wasn't clear as to whether I should post it or attach it...)

Here is the TDSS log:

2011/06/14 10:01:23.0906 0360 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/14 10:01:25.0906 0360 ================================================================================

2011/06/14 10:01:25.0906 0360 SystemInfo:

2011/06/14 10:01:25.0906 0360

2011/06/14 10:01:25.0906 0360 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/14 10:01:25.0906 0360 Product type: Workstation

2011/06/14 10:01:25.0906 0360 ComputerName: YOUR-27E1513D96

2011/06/14 10:01:25.0906 0360 UserName: Alex

2011/06/14 10:01:25.0906 0360 Windows directory: C:\WINDOWS

2011/06/14 10:01:25.0906 0360 System windows directory: C:\WINDOWS

2011/06/14 10:01:25.0906 0360 Processor architecture: Intel x86

2011/06/14 10:01:25.0906 0360 Number of processors: 1

2011/06/14 10:01:25.0906 0360 Page size: 0x1000

2011/06/14 10:01:25.0906 0360 Boot type: Normal boot

2011/06/14 10:01:25.0906 0360 ================================================================================

2011/06/14 10:01:29.0781 0360 Initialize success

2011/06/14 10:01:38.0609 2840 ================================================================================

2011/06/14 10:01:38.0609 2840 Scan started

2011/06/14 10:01:38.0609 2840 Mode: Manual;

2011/06/14 10:01:38.0609 2840 ================================================================================

2011/06/14 10:01:39.0375 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/14 10:01:39.0609 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/14 10:01:39.0937 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/14 10:01:40.0171 2840 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/06/14 10:01:40.0453 2840 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/06/14 10:01:41.0218 2840 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/06/14 10:01:41.0734 2840 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/06/14 10:01:42.0140 2840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/14 10:01:43.0640 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/14 10:01:44.0281 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/14 10:01:45.0750 2840 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/06/14 10:01:46.0765 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/14 10:01:47.0250 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/14 10:01:48.0515 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/14 10:01:49.0906 2840 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys

2011/06/14 10:01:51.0140 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/14 10:01:51.0968 2840 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys

2011/06/14 10:01:53.0015 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/14 10:01:53.0296 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/14 10:01:53.0671 2840 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/14 10:01:55.0546 2840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/14 10:01:55.0875 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/14 10:01:56.0406 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/14 10:01:56.0656 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/14 10:01:56.0953 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/14 10:01:57.0625 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/14 10:01:57.0953 2840 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2011/06/14 10:01:58.0203 2840 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2011/06/14 10:01:58.0640 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/14 10:01:59.0171 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/06/14 10:01:59.0437 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/14 10:01:59.0875 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/14 10:02:00.0453 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/06/14 10:02:01.0250 2840 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/06/14 10:02:02.0000 2840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/14 10:02:02.0734 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/14 10:02:03.0546 2840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/06/14 10:02:03.0890 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/14 10:02:04.0609 2840 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/14 10:02:05.0515 2840 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys

2011/06/14 10:02:06.0000 2840 htcdiag (19b3f21ad09a49188ad30cb4b35d3e83) C:\WINDOWS\system32\DRIVERS\htcdiag.sys

2011/06/14 10:02:06.0343 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/14 10:02:07.0203 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/14 10:02:07.0500 2840 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/06/14 10:02:08.0000 2840 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSxpx86.sys

2011/06/14 10:02:08.0640 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/14 10:02:09.0046 2840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/06/14 10:02:09.0265 2840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/14 10:02:09.0484 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/06/14 10:02:09.0750 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/14 10:02:10.0093 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/14 10:02:10.0484 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/14 10:02:10.0875 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/14 10:02:11.0281 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/14 10:02:11.0718 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/14 10:02:12.0156 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/14 10:02:12.0578 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/14 10:02:12.0921 2840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/14 10:02:13.0468 2840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/14 10:02:13.0937 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/14 10:02:14.0250 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/14 10:02:14.0718 2840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/14 10:02:15.0906 2840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/14 10:02:16.0171 2840 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/14 10:02:16.0468 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/14 10:02:16.0687 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/14 10:02:16.0953 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/14 10:02:17.0171 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/14 10:02:17.0406 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/14 10:02:17.0625 2840 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/14 10:02:18.0078 2840 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110614.001\NAVENG.SYS

2011/06/14 10:02:18.0531 2840 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110614.001\NAVEX15.SYS

2011/06/14 10:02:18.0812 2840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/14 10:02:19.0078 2840 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/14 10:02:19.0312 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/14 10:02:19.0546 2840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/14 10:02:19.0796 2840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/14 10:02:20.0046 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/14 10:02:20.0265 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/14 10:02:20.0546 2840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/14 10:02:20.0781 2840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/14 10:02:21.0062 2840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/14 10:02:21.0375 2840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/14 10:02:21.0609 2840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/14 10:02:21.0796 2840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/14 10:02:22.0015 2840 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/14 10:02:22.0250 2840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/06/14 10:02:22.0500 2840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/14 10:02:22.0703 2840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/14 10:02:22.0953 2840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/14 10:02:23.0250 2840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/14 10:02:23.0500 2840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/14 10:02:24.0625 2840 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys

2011/06/14 10:02:24.0937 2840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/14 10:02:25.0171 2840 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/06/14 10:02:25.0421 2840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/14 10:02:25.0656 2840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/14 10:02:25.0968 2840 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/14 10:02:27.0265 2840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/14 10:02:27.0500 2840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/14 10:02:27.0734 2840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/14 10:02:28.0000 2840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/14 10:02:28.0234 2840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/14 10:02:28.0468 2840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/14 10:02:28.0718 2840 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/14 10:02:28.0953 2840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/14 10:02:29.0218 2840 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/06/14 10:02:29.0484 2840 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2011/06/14 10:02:29.0718 2840 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/06/14 10:02:30.0000 2840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/14 10:02:30.0234 2840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/14 10:02:30.0484 2840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/14 10:02:30.0984 2840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/14 10:02:31.0218 2840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/14 10:02:31.0781 2840 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2011/06/14 10:02:32.0109 2840 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2011/06/14 10:02:32.0375 2840 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/14 10:02:32.0671 2840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/14 10:02:33.0078 2840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/14 10:02:33.0609 2840 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2011/06/14 10:02:33.0906 2840 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2011/06/14 10:02:34.0140 2840 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2011/06/14 10:02:34.0437 2840 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2011/06/14 10:02:34.0734 2840 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2011/06/14 10:02:35.0250 2840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/14 10:02:35.0515 2840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/14 10:02:35.0796 2840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/14 10:02:35.0968 2840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/14 10:02:36.0187 2840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/14 10:02:36.0609 2840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/14 10:02:36.0921 2840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/14 10:02:37.0218 2840 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/14 10:02:37.0437 2840 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/06/14 10:02:37.0640 2840 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/06/14 10:02:37.0921 2840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/14 10:02:38.0171 2840 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/06/14 10:02:38.0390 2840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/14 10:02:38.0609 2840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/14 10:02:38.0843 2840 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/06/14 10:02:39.0093 2840 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/06/14 10:02:39.0343 2840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/14 10:02:39.0593 2840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/14 10:02:39.0859 2840 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/14 10:02:40.0046 2840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/14 10:02:40.0250 2840 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2011/06/14 10:02:40.0453 2840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/14 10:02:40.0671 2840 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/06/14 10:02:41.0015 2840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/14 10:02:41.0281 2840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/14 10:02:41.0500 2840 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/06/14 10:02:41.0765 2840 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/06/14 10:02:42.0140 2840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/14 10:02:42.0609 2840 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

2011/06/14 10:02:43.0109 2840 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/14 10:02:43.0468 2840 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/14 10:02:43.0937 2840 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys

2011/06/14 10:02:44.0171 2840 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0

2011/06/14 10:02:44.0187 2840 ================================================================================

2011/06/14 10:02:44.0187 2840 Scan finished

2011/06/14 10:02:44.0187 2840 ================================================================================

2011/06/14 10:02:44.0218 3692 Detected object count: 0

2011/06/14 10:02:44.0218 3692 Actual detected object count: 0


We'll do a new MBAM scan later.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Ran combofix, I haven't had any redirects so far... Will keep you posted though.

Combofix log:

ComboFix 11-06-13.06 - Alex 06/14/2011 10:52:54.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.134 [GMT -7:00]

Running from: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}

c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest

c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar

c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js

c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf

c:\documents and settings\Alex.YOUR-27E1513D96\Local Settings\Temp\IadHide5.dll

c:\documents and settings\Alex.YOUR-27E1513D96\Recent\Thumbs.db

c:\documents and settings\Alex.YOUR-27E1513D96\WINDOWS

c:\documents and settings\Alex\Application Data\inst.exe

c:\documents and settings\Alex\WINDOWS

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome.manifest

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome\xulcache.jar

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\defaults\preferences\xulcache.js

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\install.rdf

c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\WINDOWS

c:\documents and settings\Compaq_Owner\Application Data\TMInc

c:\documents and settings\Compaq_Owner\Application Data\TMInc\game.cfg

c:\documents and settings\Compaq_Owner\Application Data\TMInc\user1.sav

c:\documents and settings\Compaq_Owner\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest.YOUR-27E1513D96\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\princesa fiat.YOUR-27E1513D96\WINDOWS

c:\documents and settings\princesa fiat\WINDOWS

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Gmail

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome.manifest

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome\xulcache.jar

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\defaults\preferences\xulcache.js

c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\install.rdf

c:\documents and settings\Rosemary.YOUR-27E1513D96\WINDOWS

c:\documents and settings\Rosemary\Application Data\.#

c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@384180.###

c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@3841B0.###

c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@3841E0.###

c:\documents and settings\Rosemary\WINDOWS

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\run.log

c:\windows\system32\ativtmxx32.dll

c:\windows\system32\config\systemprofile\WINDOWS

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))

.

.

2011-05-29 23:37 . 2011-05-29 23:37 -------- d-----w- c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Malwarebytes

2011-05-28 20:07 . 2011-05-28 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-15 02:23 . 2011-05-15 02:23 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp

2011-04-29 02:24 . 2011-04-29 02:24 0 ---ha-w- c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-24 15:48 . 2011-04-24 15:48 0 ---ha-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-06 17:34 . 2011-04-06 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-05 00:44 . 2011-04-05 00:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-04-05 00:44 . 2011-04-05 00:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-04-03 23:32 . 2011-04-03 23:32 0 ---ha-w- c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-30 20:35 . 2011-03-25 00:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-04-01 05:47 . 2008-10-24 21:52 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-11-05 18:23 . 2008-11-05 18:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"HostManager"="c:\program files\Common Files\AOL\1256577640\EE\AOLHostManager.exe" [2004-11-03 125528]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\documents and settings\Alex\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A]

.

c:\documents and settings\Rosemary\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

.

c:\documents and settings\Rosemary.YOUR-27E1513D96\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

.

c:\documents and settings\Alex.YOUR-27E1513D96\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A]

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-17 447952]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-8-9 36903]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1256577640\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\America Online 9.0b\\waol.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 MpKsl189476f3;MpKsl189476f3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys [x]

R1 MpKsl1eaf214a;MpKsl1eaf214a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys [x]

R1 MpKsl248ca737;MpKsl248ca737;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys [x]

R1 MpKsl7856198f;MpKsl7856198f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys [x]

R1 MpKsl95da7b5a;MpKsl95da7b5a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys [x]

R1 MpKslc73aaf1a;MpKslc73aaf1a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 133104]

R3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 133104]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]

R3 htcdiag;HTC Android Diag Port;c:\windows\system32\DRIVERS\htcdiag.sys [2009-02-25 101376]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [2011-05-19 810616]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]

S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSxpx86.sys [2011-06-03 355256]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-12 c:\windows\Tasks\CCleaner.job

- c:\program files\CCleaner\CCleaner.exe [2009-10-22 18:32]

.

2011-06-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{3F14442E-A655-4B89-9B97-4A15BC58CD0C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4311C772-6E19-470E-8699-9B3BD2B9285D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4E12AE8E-4909-4DEE-BFC4-6E81356C2399}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{001872DF-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll

BHO-{00192B3E-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll

BHO-{0030E5BE-507C-48D7-8CFA-C57FA33CE83a} - (no file)

BHO-{0032567D-24D5-40A1-B750-A15ED80AE3A1} - (no file)

BHO-{0061CB7C-507C-48D7-8CFA-C57FA33CE83a} - (no file)

BHO-{0064ACFB-24D5-40A1-B750-A15ED80AE3A1} - (no file)

BHO-{00C396F8-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll

BHO-{00C959F7-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll

BHO-{01872DF1-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll

BHO-{01A72C05-D6D6-4F46-A9F9-F1EE038B98Ab} - c:\windows\system32\ativtmxx32.dll

BHO-{032567DE-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll

BHO-{034E580B-D6D6-4F46-A9F9-F1EE038B98Ab} - c:\windows\system32\ativtmxx32.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Lala Music Mover - c:\program files\Lala.com\Lala Music Mover\LalaMover.exe

HKLM-Run-PCDrProfiler - (no file)

SafeBoot-Wdf01000.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-VCast Music Essentials Manager - c:\progra~1\VERIZO~1\VCASTM~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-14 11:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(604)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3776)

c:\windows\system32\WININET.dll

c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\Zune\ZuneNss.exe

c:\windows\system32\Ati2evxx.exe

c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE

c:\program files\Lexmark X1100 Series\lxbkbmon.exe

c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

**************************************************************************

.

Completion time: 2011-06-14 11:42:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-14 18:42

.

Pre-Run: 22,103,027,712 bytes free

Post-Run: 23,933,743,104 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - C2F14AD598D95819D09145F671367222


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\qqaxzcpxhr.tmp
c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp
c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp
c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp

Folder::
c:\program files\Ask.com

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Computer behavior is the same as my last post (No redirects so far). It seems as though it's back to normal, but I'll wait until we're finished to make any other assessments.

ComboFix log:

ComboFix 11-06-14.01 - Alex 06/14/2011 12:19:52.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.165 [GMT -7:00]

Running from: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\CFScript.txt

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

FILE ::

"c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp"

"c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp"

"c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp"

"c:\windows\system32\qqaxzcpxhr.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\GenericAskToolbar.dll

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\Thumbs.db

c:\program files\Ask.com\UpdateTask.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))

.

.

2011-05-29 23:37 . 2011-05-29 23:37 -------- d-----w- c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Malwarebytes

2011-05-28 20:07 . 2011-05-28 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-15 02:23 . 2011-05-15 02:23 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp

2011-04-29 02:24 . 2011-04-29 02:24 0 ---ha-w- c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-24 15:48 . 2011-04-24 15:48 0 ---ha-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-06 17:34 . 2011-04-06 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-05 00:44 . 2011-04-05 00:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-04-05 00:44 . 2011-04-05 00:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-04-03 23:32 . 2011-04-03 23:32 0 ---ha-w- c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp

2011-04-30 20:35 . 2011-03-25 00:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-04-01 05:47 . 2008-10-24 21:52 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-11-05 18:23 . 2008-11-05 18:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"HostManager"="c:\program files\Common Files\AOL\1256577640\EE\AOLHostManager.exe" [2004-11-03 125528]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\documents and settings\Alex\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A]

.

c:\documents and settings\Rosemary\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

.

c:\documents and settings\Rosemary.YOUR-27E1513D96\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

.

c:\documents and settings\Alex.YOUR-27E1513D96\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A]

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-17 447952]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-8-9 36903]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1256577640\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\America Online 9.0b\\waol.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [4/5/2011 7:04 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [4/5/2011 7:04 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [6/14/2011 9:39 AM 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [4/5/2011 7:04 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [4/5/2011 7:04 PM 116784]

R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe [4/5/2011 7:03 PM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/9/2011 7:11 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSXpx86.sys [6/14/2011 9:39 AM 355256]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/17/2010 3:07 PM 9472]

S1 MpKsl189476f3;MpKsl189476f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys [?]

S1 MpKsl1eaf214a;MpKsl1eaf214a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys [?]

S1 MpKsl248ca737;MpKsl248ca737;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys [?]

S1 MpKsl7856198f;MpKsl7856198f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys [?]

S1 MpKsl95da7b5a;MpKsl95da7b5a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys [?]

S1 MpKslc73aaf1a;MpKslc73aaf1a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2009 12:13 AM 133104]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [9/21/2010 4:42 PM 401920]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2009 12:13 AM 133104]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/14/2010 9:01 PM 24576]

S3 htcdiag;HTC Android Diag Port;c:\windows\system32\drivers\htcdiag.sys [5/14/2010 9:01 PM 101376]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-12 c:\windows\Tasks\CCleaner.job

- c:\program files\CCleaner\CCleaner.exe [2009-10-22 18:32]

.

2011-06-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{3F14442E-A655-4B89-9B97-4A15BC58CD0C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4311C772-6E19-470E-8699-9B3BD2B9285D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4E12AE8E-4909-4DEE-BFC4-6E81356C2399}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-14 12:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3988)

c:\windows\system32\WININET.dll

c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\windows\system32\ZuneBusEnum.exe

c:\program files\Zune\ZuneNss.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Lexmark X1100 Series\lxbkbmon.exe

c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE

c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-06-14 13:02:23 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-14 20:02

ComboFix2.txt 2011-06-14 18:42

.

Pre-Run: 23,930,048,512 bytes free

Post-Run: 23,843,586,048 bytes free

.

- - End Of File - - 6AB44A5C8EC9F9C7B2B4474A1DF006A8

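The two ComboFix logs in this thread were read by eye. As an added example (not ComboFix output or code, and not something the helper posted), the Python script below pulls the same three indicators out of a log programmatically: orphaned BHO CLSIDs clustered on a single DLL (the ativtmxx32.dll entries in the first log), a zero-byte hidden .tmp file with one name dropped into several user profiles (qqaxzcpxhr.tmp in the Find3M report), and the Security Center override and firewall-off values in the Reg Loading Points section. SAMPLE_LOG is constructed from lines in the format shown above; the regexes and the WATCHED table are my own reading of that format, not a ComboFix specification.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's code and
not something the helper posted). It picks out three indicator classes seen in
the two logs in this thread: orphaned BHO CLSIDs clustered on one DLL, a
zero-byte hidden .tmp file repeated across profiles, and Security Center /
firewall values sitting at their weak setting. SAMPLE_LOG is constructed.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
2011-05-15 02:23 . 2011-05-15 02:23 0 ---ha-w- c:\\windows\\system32\\qqaxzcpxhr.tmp
2011-04-29 02:24 . 2011-04-29 02:24 0 ---ha-w- c:\\documents and settings\\Rosemary.YOUR-27E1513D96\\qqaxzcpxhr.tmp
2011-04-03 23:32 . 2011-04-03 23:32 0 ---ha-w- c:\\documents and settings\\Alex.YOUR-27E1513D96\\qqaxzcpxhr.tmp
2011-04-05 00:44 . 2011-04-05 00:44 60808 ----a-w- c:\\windows\\system32\\S32EVNT1.DLL
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
- - - - ORPHANS REMOVED - - - -
BHO-{001872DF-507C-48D7-8CFA-C57FA33CE83a} - c:\\windows\\system32\\ativtmxx32.dll
BHO-{00192B3E-24D5-40A1-B750-A15ED80AE3A1} - c:\\windows\\system32\\ativtmxx32.dll
BHO-{0030E5BE-507C-48D7-8CFA-C57FA33CE83a} - (no file)
BHO-{00C396F8-507C-48D7-8CFA-C57FA33CE83a} - c:\\windows\\system32\\ativtmxx32.dll
BHO-{00C959F7-24D5-40A1-B750-A15ED80AE3A1} - c:\\windows\\system32\\ativtmxx32.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\\program files\\Ask.com\\GenericAskToolbar.dll
"""

# Find3M line: "<created> . <modified> <size> <attrs> <path>"; attrs is 8 chars like ---ha-w-
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+)\s+([-a-z]{8})\s+(.+)$")
BHO_RE = re.compile(r"^BHO-\{([0-9A-Fa-f-]{36})\}\s+-\s+(.+)$")
# Registry values appear either as REGEDIT4 dwords or as "<decimal> (0x<hex>)"
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(?:dword:([0-9A-Fa-f]{8})|(\d+)\s*\(0x[0-9A-Fa-f]+\))\s*$')

# value name -> (weak setting, what that setting means); assumed, from the XP keys shown in the log
WATCHED = {
    "AntiVirusOverride": (1, "Security Center told to stop warning about AV state"),
    "FirewallOverride": (1, "Security Center told to stop warning about firewall state"),
    "EnableFirewall": (0, "Windows Firewall is off for the standard profile"),
    "DisableNotifications": (1, "firewall block notifications are suppressed"),
}


def hidden_tmp_drops(log, min_copies=2):
    """Zero-byte hidden .tmp files sharing one name across several directories."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = FIND3M_RE.match(line)
        if not m:
            continue
        size, attrs, path = int(m.group(1)), m.group(2), m.group(3).strip()
        if size == 0 and "h" in attrs and path.lower().endswith(".tmp"):
            seen[path.rsplit("\\", 1)[-1].lower()].append(path)
    return {name: paths for name, paths in seen.items() if len(paths) >= min_copies}


def bho_orphan_clusters(log, min_clsids=2):
    """Orphaned BHO CLSIDs grouped by target DLL, skipping '(no file)' entries.
    suffix_families counts distinct last-four-group tails: few tails shared by
    many CLSIDs means only the first 8 hex digits were varied (mass registration)."""
    by_dll = defaultdict(list)
    for line in log.splitlines():
        m = BHO_RE.match(line)
        if m and m.group(2).strip().lower() != "(no file)":
            by_dll[m.group(2).strip().lower()].append(m.group(1).upper())
    return {
        dll: {"clsids": ids, "suffix_families": len({c.split("-", 1)[1] for c in ids})}
        for dll, ids in by_dll.items() if len(ids) >= min_clsids
    }


def security_posture(log):
    """Watched Security Center / firewall values present in the log, as ints."""
    found = {}
    for line in log.splitlines():
        m = VALUE_RE.match(line)
        if m and m.group(1) in WATCHED:
            found[m.group(1)] = int(m.group(2), 16) if m.group(2) else int(m.group(3))
    return found


def weak_settings(posture):
    """One finding per watched value that sits at its weak setting."""
    return [f"{k}={v}: {WATCHED[k][1]}" for k, v in posture.items() if v == WATCHED[k][0]]


def triage(log):
    return {
        "hidden_tmp_drops": hidden_tmp_drops(log),
        "bho_clusters": bho_orphan_clusters(log),
        "weak_settings": weak_settings(security_posture(log)),
    }


if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, "->", result)
```

Run it against a saved ComboFix.txt by passing the file contents to triage(). Two caveats: the Security Center overrides and EnableFirewall=0 are also set legitimately by third-party suites such as the Norton 360 that appears in these logs, so they are a check for the analyst, not a verdict; and the BHO cluster test only sees entries ComboFix already listed, so a clean ORPHANS section is no proof of a clean machine, which is the point the helper makes at the end of the thread.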

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click Start > Run.
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7:

  • Click Start > Search.
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

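The six Internet Explorer settings in the post above are clicked through a dialog. As an added example (not part of the helper's post), the Python below expresses the same settings as the registry data behind the Internet zone, audits an exported .reg file against them, and renders a .reg file that applies the recommended levels. Assumptions: the zone key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 and the action IDs 1001, 1004, 1201, 1800, 1804 and 1607 with 0/1/3 meaning Enable/Prompt/Disable are the ones Microsoft documents for URL security zones as I recall them; confirm them for your IE version before importing anything. SAMPLE_EXPORT is constructed.

```python
"""IE Internet-zone hardening as registry data (added example; not part of the
helper's post). Expresses the six dialog settings from the post as zone policy
actions under Zones\\3, audits an exported .reg against them, and renders a .reg
that applies the recommended levels. Action IDs and the 0/1/3 level encoding are
assumed from Microsoft's URL security zone documentation; SAMPLE_EXPORT is constructed.
"""
import re

ENABLE, PROMPT, DISABLE = 0, 1, 3
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}  # higher is safer
ZONE3 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# action id -> (setting name as shown in the IE dialog, level recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed export of a weak Internet zone: unsigned ActiveX download and
# cross-domain sub-frame navigation are Enabled, and 1800 is not present at all.
SAMPLE_EXPORT = f"""Windows Registry Editor Version 5.00

[{ZONE3}]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1804"=dword:00000001
"1607"=dword:00000000
"""

DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9A-Fa-f]{8})\s*$')


def parse_zone_export(text):
    """Return {action_id: int_value} for dword values under the Zones\\3 key only."""
    values, in_zone3 = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_zone3 = line.strip("[]").lower() == ZONE3.lower()
            continue
        m = DWORD_RE.match(line)
        if in_zone3 and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """(action_id, name, current, recommended) for every action that is laxer
    than the post recommends; an absent value is reported as unverified (None)."""
    findings = []
    for action, (name, want) in RECOMMENDED.items():
        have = values.get(action)
        if have is None or STRICTNESS.get(have, -1) < STRICTNESS[want]:
            findings.append((action, name, have, want))
    return findings


def render_hardening_reg():
    """A .reg file that sets the recommended level for each of the six actions."""
    body = "\n".join(f'"{a}"=dword:{v:08x}' for a, (_, v) in RECOMMENDED.items())
    return f"Windows Registry Editor Version 5.00\n\n[{ZONE3}]\n{body}\n"


if __name__ == "__main__":
    for action, name, have, want in audit(parse_zone_export(SAMPLE_EXPORT)):
        print(f"{action} {name}: current={have!r} recommended={want}")
    print(render_hardening_reg())
```

To audit a real machine, export the Zones\3 key with regedit and feed the file's text to parse_zone_export(); the hardening .reg is per-user (HKCU), so each account in the logs above (Alex, Rosemary, Compaq_Owner) would need it imported separately, and a value absent from the export is reported rather than assumed safe because the effective level then comes from the zone template, which this script does not read.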
