
Google Redirect & no system restore



Hello, I also have been fighting this google redirect problem for a few weeks now, with the other following symptoms:

1) IE keeps running in Task manager

2) printer spooler not starting

3) unable to complete a system restore

4) lost programs in start menu

5) desktop icons hidden

6) windows service pack 3 will not install with setup error "windows\system32\drivers\volsnap.sys is open or in use by another application".

7) windows update had not been working, and I used windows update reset microsoft fix-it #50202 to get it running again

8) used Malwarebytes numerous times and also paid for PRO but it will not load with errors "start service failed to perform desired action error code 1068"

Windows XP home ver 5.1.2600 service pack 2 build 2600

IE explorer 8 version 0

Should I run the ComboFix.exe program to solve this?

Thanks for any help!


Hello lionvp and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Should I run the ComboFix.exe program to solve this?

If you mean on your own, absolutely not. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, please do the following:

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Here is the DDS and GMER info. The GMER ran with the IAT/EAT box checked. I am re-running it now with that box unchecked, but it is taking its time. I also had run the Defogger program. I downloaded and extracted the TDSKILLER.exe program, but it does not seem to run, only the "sands of time" icon flashes briefly when I try to run it. Do you want me to download and run the combofix.exe program next?

Thanks for any help.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Paul at 11:45:03 on 2011-07-02

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.432 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

C:\WINDOWS\system32\CAPM1RSK.EXE

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\CAPM1RSK.EXE

C:\WINDOWS\system32\CAPM1RSK.EXE

C:\WINDOWS\system32\CAPM1RSK.EXE

C:\WINDOWS\system32\CAPM1RSK.EXE

C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uWindow Title = Windows Internet Explorer provided by MSN & Bing

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513141811.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269096774406

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2C2CBADC-C982-43E6-84B1-3CEAFEEF45BD} : DhcpNameServer = 192.168.1.254

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\paul\application data\mozilla\firefox\profiles\ar55773n.default\

FF - component: c:\documents and settings\paul\application data\mozilla\firefox\profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\paul\application data\mozilla\firefox\profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\components\Scriptff.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-2-29 34916]

R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 363344]

S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2008-1-29 22912]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-21 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]

S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]

.

=============== Created Last 30 ================

.

2011-06-30 18:05:47 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan

2011-06-30 18:05:46 -------- d-----w- c:\program files\McAfee Security Scan

2011-06-30 15:40:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-30 15:40:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-27 20:59:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-21 13:11:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 13:11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-18 17:47:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-18 17:47:12 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-18 17:47:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-18 17:47:11 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-18 17:47:11 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-18 17:47:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-18 17:47:11 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-18 17:47:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-07 17:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-07 17:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 19:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

.

============= FINISH: 11:46:48.06 ===============


Sorry, I failed to mention this:

Here is the combofix file, and it is also included in the attach2.zip file with the TDSkiller and security check logs. The volsnap.sys file was replaced by combofix, and it seems to have helped. Should I reinstall McAffe now, or do you have a more secure recommendation for antivirus?

Thanks for your help!

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

ComboFix 11-07-01.02 - Paul 07/02/2011 13:11:02.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.587 [GMT -5:00]

Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\HelpAssistant\g2mdlhlpx.exe

c:\documents and settings\HelpAssistant\WINDOWS

c:\documents and settings\Paul\g2mdlhlpx.exe

c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}

c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome.manifest

c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome\content\_cfg.js

c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome\content\overlay.xul

c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\install.rdf

c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair

c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk

c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk

c:\documents and settings\Paul\WINDOWS

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\system32\linkinfo(2).dll

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-06-18 14:04 . 2011-06-18 16:14 -------- d-----w- c:\documents and settings\Administrator.VOSTRO-OFFICE.000

2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 15:40 . 2011-06-18 17:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-03-26 18:09 . 2010-03-26 18:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2003-11-3 30208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk

backup=c:\windows\pss\Billminder.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk

backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk

backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk

backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2007-06-14 02:41 69632 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-03-26 18:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-06-14 01:21 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-06-14 01:21 142104 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2009-11-26 06:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]

2009-12-02 03:36 24576 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-06-14 01:21 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-06-14 02:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-10-11 13:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-27 15:09 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-04-10 19:54 331776 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoToMyPC"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"5052:TCP"= 5052:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"2899:TCP"= 2899:TCP:Services

"4298:TCP"= 4298:TCP:Services

.

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2/29/2008 5:40 PM 34916]

R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/21/2011 8:11 AM 363344]

S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [1/29/2008 9:18 AM 22912]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2008 11:54 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 1:51 PM 14336]

S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\

.

- - - - ORPHANS REMOVED - - - -

.

Notify-NavLogon - (no file)

MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

MSConfigStartUp-DellAutomatedPCTuneUp - c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

MSConfigStartUp-pMkKaQsoKXBW - c:\documents and settings\All Users\Application Data\pMkKaQsoKXBW.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-02 13:17

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

- - - - - - - > 'explorer.exe'(432)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\system32\CAPM1RSK.EXE

c:\program files\Dantz\Retrospect\retrorun.exe

c:\progra~1\Dantz\RETROS~1\wdsvc.exe

c:\windows\System32\snmp.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-02 13:23:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-02 18:23

.

Pre-Run: 56,605,470,720 bytes free

Post-Run: 58,073,403,392 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 61038229D3EF380900E1959ACE6A2FA3

attach2.zip


Looking better! We still have some more to clean up ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

MYWEBSEARCHSERVICE

File::

C:\Windows\System32\Drivers\MYWEBSEARCHSERVICE.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know of any issues you've encountered :)


Hello and I trust you had some time to enjoy the weekend! I reran ComboFix, although it asked if I wanted to update the program before running and I did not update. I also took the liberty of running the ESET online scanner, but since I was connected through Firefox, it ran from a separate window. Attached are the threats found. Thank you again for your help!

ComboFix 11-07-01.02 - Paul 07/05/2011 8:06.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.669 [GMT -5:00]

Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\mywebsearchservice.sys"

.

.

((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))

.

.

2011-06-18 14:04 . 2011-06-18 16:14 -------- d-----w- c:\documents and settings\Administrator.VOSTRO-OFFICE.000

2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 15:40 . 2011-06-18 17:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-03-26 18:09 . 2010-03-26 18:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-02_18.17.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_764.dat

+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_748.dat

+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_290.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2003-11-3 30208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk

backup=c:\windows\pss\Billminder.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk

backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk

backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk

backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2007-06-14 02:41 69632 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-03-26 18:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-06-14 01:21 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-06-14 01:21 142104 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2009-11-26 06:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]

2009-12-02 03:36 24576 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-06-14 01:21 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-06-14 02:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-10-11 13:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-27 15:09 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-04-10 19:54 331776 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoToMyPC"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"5052:TCP"= 5052:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"2899:TCP"= 2899:TCP:Services

"4298:TCP"= 4298:TCP:Services

.

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2/29/2008 5:40 PM 34916]

R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/21/2011 8:11 AM 363344]

S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [1/29/2008 9:18 AM 22912]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2008 11:54 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 1:51 PM 14336]

S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-05 08:19

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

- - - - - - - > 'explorer.exe'(3204)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\system32\CAPM1RSK.EXE

c:\program files\Dantz\Retrospect\retrorun.exe

c:\progra~1\Dantz\RETROS~1\wdsvc.exe

c:\windows\System32\snmp.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE

.

**************************************************************************

.

Completion time: 2011-07-05 08:22:00 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-05 13:21

ComboFix2.txt 2011-07-02 18:23

.

Pre-Run: 58,048,294,912 bytes free

Post-Run: 58,033,360,896 bytes free

.

- - End Of File - - F68D5CC598932021B603A801998221E6

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\BCP6M6MQ\KAV6[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\TX68MVYL\kav6[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined

C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\49\73190831-67ba8f3e a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0130697.sys Win32/Olmasco.E trojan deleted - quarantined


Looking good! ;)

Hello and I trust you had some time to enjoy the weekend!

I did, thanks! :D

Let's run one more online scan to confirm you're clean, before we move on:

Please use Internet Explorer and run a BitDefender Online Scan from here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.



QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Tue Jul 05 17:02:45 2011

Machine ID: 5C91CCC6

No infection found.

-------------------

Processes

---------

Canon Advanced Printing Technology 208 C:\WINDOWS\system32\CAPM1RSK.EXE

Canon Advanced Printing Technology 3524 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE

Canon Advanced Printing Technology 3572 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE

Canon My Printer 3440 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

eEBSvc.exe 1652 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

Java Platform SE 6 U15 1864 C:\Program Files\Java\jre6\bin\jqs.exe

Microsoft SQL Server 1892 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

Microsoft® Windows® Operating System 3204 C:\WINDOWS\explorer.exe

Microsoft® Windows® Operating System 2316 C:\WINDOWS\system32\alg.exe

Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\csrss.exe

Microsoft® Windows® Operating System 3160 C:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\lsass.exe

Microsoft® Windows® Operating System 740 C:\WINDOWS\system32\services.exe

Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\smss.exe

Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\snmp.exe

Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 928 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1256 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1620 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 696 C:\WINDOWS\system32\winlogon.exe

QuickBooks for Windows 1952 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

Retrospect 544 C:\Program Files\Dantz\Retrospect\retrorun.exe

Retrospect 644 C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

SupportSoft sprtsvc 804 C:\Program Files\Dell Support Center\bin\sprtsvc.exe

(verified) Windows® Internet Explorer 10260 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 10444 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.49

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 209.85.225.96

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 74.125.225.57

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 74.125.225.14

Process iexplore.exe (10260) connected on port 443 (HTTP over SSL) --> 74.125.95.95

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process iexplore.exe (10260) connected on port 443 (HTTP over SSL) --> 209.85.225.96

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 66.235.142.57

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 69.171.228.14

Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59

Process svchost.exe (996) listens on ports: 135 (RPC)

Process QBCFMonitorService.exe (1952) listens on ports: 8019

Autoruns and critical files

---------------------------

Canon Advanced Printing Technology C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE

Canon My Printer C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

GoToMyPC C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

QuickTime C:\Program Files\QuickTime\qttask.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Browser Address Error Redirector C:\Program Files\Dell\BAE\BAE.dll

Easy-WebPrint c:\program files\canon\easy-webprint\toolband.dll

Easy-WebPrint EWPBrowseLoader Module c:\program files\canon\easy-webprint\ewpbrowseloader.dll

frozen.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

googletoolbar-ff3.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

googletoolbar-ff4.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Java Deployment Toolkit 6.0.150.3 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

Java Platform SE 6 U15 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U15 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

Musicnotes C:\Program Files\Musicnotes\npmusicn.dll

npsibelius.dll C:\Program Files\Musicnotes\npsibelius.dll

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

Picasa C:\Program Files\Picasa2\npPicasa2.dll

Picasa C:\Program Files\Picasa2\npPicasa3.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

RealPlayer Download and Record Plugin C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

(verified) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

(verified) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

(verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

(verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

Scan

----

MD5: 8c3de46457b62e82035bfb1cba29fd7d C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

MD5: 182bc06b8cddb225f1d9444e0af88003 C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

MD5: eb28fe2670c1670cd077c3976f6a68f7 C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

MD5: 64e5eee4ff6b9ef96ceb013cf20fa308 c:\program files\canon\easy-webprint\ewpbrowseloader.dll

MD5: f61fffa032544a035f7b30075c3e12d6 c:\program files\canon\easy-webprint\toolband.dll

MD5: b3540f5d4d772b87062e06b971951bd8 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

MD5: 0d6491da11562e7750e208cdb88a31c0 C:\Program Files\Canon\MyPrinter\BJMyRes.dll

MD5: 46b7a77463cb9dec2688cc42c7309c39 C:\Program Files\Citrix\GoToMyPC\g2svc.exe

MD5: 3f451bf615c2e23624bd31aa1fe0665a C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

MD5: c3104be7d2b689ebe47e2aac64c07530 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 203a74767eb81f96a5166b1933db46d0 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: ff575e76da89a3cede920bb71ee2f3c7 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

MD5: 27cd1c60031cc2d45b7446eedc6dfa86 C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL

MD5: e5bff3e8de08f738ebfc488534aa6cbc C:\Program Files\Common Files\EPSON\EBAPI\eEBIPDev.dll

MD5: 59e302b619d88d22be87dd682d405730 C:\Program Files\Common Files\EPSON\EBAPI\eEBLPDev.dll

MD5: 6b2a03b5b97812ddbfe03bc8ceee0cab C:\Program Files\Common Files\EPSON\EBAPI\eEBMSDev.dll

MD5: c4e937e07f862c2ce84e65745b68963e C:\Program Files\Common Files\EPSON\EBAPI\eEBNWDev.dll

MD5: 9f51dd58d358fbed8eed9f2301d0fe1f C:\Program Files\Common Files\EPSON\EBAPI\eEBRSVC.dll

MD5: cd64ce62be47df0e9a459fd9002221fe C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

MD5: be0dbb25706762ff6fec7210349fa8ac C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll

MD5: 6bee1814470dc12fa20c53dfc3c97ebb C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

MD5: c8afe59e2d1fda67a6c5777a13082103 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

MD5: 98deebc97bc4788a242e7f8deb10e47b C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.dll

MD5: fc2741a70b84d7e7ba5f51a352669ee8 C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll

MD5: 361ee3cab00e94aab27ba966ea44b1e8 C:\Program Files\Dantz\Retrospect\bdrock20.dll

MD5: 826e99140b7febc945112a5e37a18f69 C:\Program Files\Dantz\Retrospect\bdrockui.dll

MD5: 6fb9b33d20a2aac7c89884246a0e25fb C:\Program Files\Dantz\Retrospect\retrorun.exe

MD5: 5b767df028dc39d4246f09f5628d7fdd C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

MD5: 6f5386267113fe4e0f87a882de48c577 C:\Program Files\Dantz\Retrospect\wdsvc.exe

MD5: 5c5209b04b1942a534259c2ab7bb1eea C:\Program Files\Dell Support Center\bin\LIBEAY32.dll

MD5: 0ab6629467d8f073b762fca1d416bf2d C:\Program Files\Dell Support Center\bin\sprtfod.dll

MD5: 8e8d1251c52de0256c076caaa79af327 C:\Program Files\Dell Support Center\bin\sprtsched.dll

MD5: 777115c9cc675bd98127660712d2f784 C:\Program Files\Dell Support Center\bin\sprtsvc.exe

MD5: e4d3f600cff1e76950abb0d790f2a1ef C:\Program Files\Dell Support Center\bin\sprtupdate.dll

MD5: 1a4f60ef6da38621f1091b0cb0fa2c09 C:\Program Files\Dell\BAE\BAE.dll

MD5: 621a9728f52645c3e1b859e642aed1e3 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_D1B8F90352BD52A9.dll

MD5: 5ff2f46be1d8be01b5c304ee4703478a C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll

MD5: 815a3cfde5abe0ce53d7a3b33f0dba6b C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

MD5: a953e104137df406b70477d60bc29008 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

MD5: ad7125bc367bdc060729984ec2e5377a C:\Program Files\Internet Explorer\ieproxy.dll

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: bb0ee0c172e3d626263299ef1832fd40 C:\Program Files\internet explorer\xpshims.dll

MD5: 55e583817a2012fd75f1f8cf87ee760c C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

MD5: 87ffc1ff3b269fd8e0bb010294b697f6 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: 246af5a08b0339231bdd7437ab6ff6b8 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 74e6e96c6f0e2eca4edbb7f7a468f259 C:\Program Files\Messenger\msmsgs.exe

MD5: 1d1b22613eab9287af902398867bc93c C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

MD5: 2a30d4b6319a69c82def52cb3672eceb C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: b0753e73ff63f485521a9ddeb7de91eb C:\Program Files\Musicnotes\npmusicn.dll

MD5: 0dd1e0a385b888107a1f9206189596cf C:\Program Files\Musicnotes\npsibelius.dll

MD5: fd7e9aba274df75e08320420b8e9a1d5 C:\Program Files\NOS\bin\getPlus_Helper.dll

MD5: 1acf98d80e95add298832c7a8996b48c C:\Program Files\NOS\bin\getPlus_Helper_3004.dll

MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files\Picasa2\npPicasa2.dll

MD5: 2d5e502371e736eb033ab0c5c6795674 C:\Program Files\Picasa2\npPicasa3.dll

MD5: f34eb5d4f145ed5fe50033ca3a41ed24 C:\Program Files\QuickTime\qttask.exe

MD5: 6f5386267113fe4e0f87a882de48c577 C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

MD5: 4c90dc07f50d3928ec5176098a811e82 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\opends60.dll

MD5: 109bf99c6ca4c590d4abb4f67b499099 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\Resources\1033\sqlevn70.RLL

MD5: 352e375ab298c23b0f9bc307652c7f50 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE

MD5: 1b959a0614d575d0ab3b09095f0a8b83 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

MD5: 0e3388bc341fcaf843e85541fcccdd83 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlsort.dll

MD5: 2c04fd22c5e2bcbd612d1ea4f4046274 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\SSmsLPCn.dll

MD5: f0f26a48165edb26e33c5598acd1f019 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\binn\SSNETLIB.dll

MD5: 6bd0412235b2a16fc3c333ce7e93bdf2 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\ums.dll

MD5: fb537f29a827d78f756154cf397a113f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: c41203e76f7f4cfd5a81966ba3c129ba C:\WINDOWS\AppPatch\AcLayers.DLL

MD5: fc6427ffb3d95cf1bb9babe68baa8385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll

MD5: 7c009119f6851465acd1d21f7aee2125 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll

MD5: 3bfe3d86bb8101acf59e532e612ec4c6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\WINDOWS\Downloaded Program Files\isusweb.dll

MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: cebed017c4965fc4407ccd986ae0a528 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

MD5: 875d770f477e0ae0088be1810d537b23 C:\WINDOWS\system32\activeds.dll

MD5: 13510490bea0997db625daa0178cbfca C:\WINDOWS\system32\actxprxy.dll

MD5: e8e57b0f9eb03d1aabec28d550c75116 C:\WINDOWS\system32\ADVAPI32.dll

MD5: f1958fbf86d5c004cf19a5951a9514b7 C:\WINDOWS\system32\alg.exe

MD5: eca24ab73fcffa754d4070cdb03529e3 C:\WINDOWS\system32\Apphelp.dll

MD5: fae38db973cb03de0779fb02ac1ed8e4 C:\WINDOWS\system32\asycfilt.dll

MD5: 5c3df25926729ebeef5cc7ff1933b360 C:\WINDOWS\system32\AUTHZ.dll

MD5: 4c04d0d0f6f480832a2e336c61f18850 C:\WINDOWS\system32\browselc.dll

MD5: e3cfccdda4edd1d0dc9168b2e18f27b8 c:\windows\system32\browser.dll

MD5: a965b0deb87c075165e10dacd8fd9041 C:\WINDOWS\system32\BROWSEUI.dll

MD5: 08f0190ae201ec331b4ca3b0fa2d2cce C:\WINDOWS\System32\Cabinet.dll

MD5: e4b814fd217114df27717f4a7bd5b0ea C:\WINDOWS\system32\CAPM1LMK.DLL

MD5: 740baad99c97257d37c77d55daf2d00e C:\WINDOWS\system32\CAPM1PTN.DLL

MD5: 56d60b099d88d101dddc7b58776d2bf7 C:\WINDOWS\system32\CAPM1RSK.EXE

MD5: 88add6a268b4358922488f8d10550c02 C:\WINDOWS\system32\CAPM1SMK.DLL

MD5: ad44c5bc21213f394f6afcb55cc39293 c:\windows\system32\certcli.dll

MD5: 0fcb11b39af688035e1cde754684ee5c c:\windows\system32\CFGMGR32.dll

MD5: ec8a848fc4f17f3b3d9da4a0c43fb930 C:\WINDOWS\system32\CLBCATQ.DLL

MD5: 98c1ff6676e02d43da208802286a6ee7 C:\WINDOWS\System32\CLUSAPI.DLL

MD5: 07f0460ce9a571d1db6aebe83df6aa9e C:\WINDOWS\system32\CNCC160.DLL

MD5: df588e45cc12913b3c63b7b03a971b81 C:\WINDOWS\system32\CNCL160.DLL

MD5: 43bae2a78de14f25979d09647f4b681d C:\WINDOWS\system32\CNMLM83.DLL

MD5: 69d7630b2b64c48121adee09e73e339f C:\WINDOWS\system32\colbact.DLL

MD5: b0124cb21d28b1c9f678b566b6b57d92 C:\WINDOWS\system32\COMCTL32.dll

MD5: 6728270cb7dbb776ed086f5ac4c82310 C:\WINDOWS\system32\COMRes.dll

MD5: 75deb92422d955373825a11f9f74ec6a C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: 1ecb753d7ceec8f5a94c9781ca64ec44 c:\windows\system32\credui.dll

MD5: cad4aa32e7eca00c23cc39c0eb833f9d C:\WINDOWS\system32\cryptnet.dll

MD5: 10654f9ddcea9c46cfb77554231be73b c:\windows\system32\cryptsvc.dll

MD5: 587729679b4fe04ce06a5c61d6c56dcd C:\WINDOWS\system32\cscdll.dll

MD5: f12b178b1678d778cfd3ff1fc38c71fb C:\WINDOWS\system32\csrss.exe

MD5: 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

MD5: 8e19878192348e8bd426a389c942808e C:\WINDOWS\system32\D3DIM700.DLL

MD5: 6479a184873f7ca797ff0375d711e9a6 C:\WINDOWS\system32\dbghelp.dll

MD5: 7ed462f353b3d915a418a689fa881f96 C:\WINDOWS\system32\DDRAW.dll

MD5: ad805da7015d155ef9899f73a1c27753 C:\WINDOWS\system32\ddrawex.dll

MD5: ef545e1a4b043da4c84e230dd471c55f c:\windows\system32\dhcpcsvc.dll

MD5: aac8ffbfd61e784fa3bac851d4a0bd5f c:\windows\system32\dnsrslvr.dll

MD5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb C:\WINDOWS\system32\DRIVERS\agp440.sys

MD5: 67288b07d6aba6c1267b626e67bc56fd C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

MD5: f312b7cef21eff52fa23056b9d815fad C:\WINDOWS\system32\DRIVERS\alim1541.sys

MD5: 675c16a3c1f8482f85ee4a97fc0dde3d C:\WINDOWS\system32\DRIVERS\amdagp.sys

MD5: 40caace7f2e7668148a1d45cf91e1131 C:\WINDOWS\system32\DRIVERS\atapi.sys

MD5: 7f599e8bcc5ebc78fa711e9e55eea40c C:\WINDOWS\system32\Drivers\CAPM1LP.SYS

MD5: 34aaa3b298a852b3663e6e0d94d12945 C:\WINDOWS\system32\DRIVERS\e1e5132.sys

MD5: e31363d186b3e1d7c4e9117884a6aee5 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

MD5: ed6bf9e441fdea13292a6d30a64a24c3 C:\WINDOWS\system32\DRIVERS\i2omp.sys

MD5: 997e8f5939f2d12cd9f2e6b395724c16 C:\WINDOWS\system32\drivers\iaStor.sys

MD5: 28423512370705aeda6a652fedb25468 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

MD5: 2d722b2b54ab55b2fa475eb58d7b2aad C:\WINDOWS\system32\DRIVERS\intelide.sys

MD5: e182fa8e49e8ee41b4adc53093f3c7e6 C:\WINDOWS\system32\DRIVERS\kbdhid.sys

MD5: bc2a92cff784555ed622f861cb34f2e6 C:\WINDOWS\System32\Drivers\Mpfp.sys

MD5: 17bbbabb21f86b650b2626045a9d016c C:\WINDOWS\system32\drivers\RtkHDAud.sys

MD5: 732d859b286da692119f286b21a2a114 C:\WINDOWS\system32\DRIVERS\sisagp.sys

MD5: c6db9f873b09c63f5cb1de10c08bf6f9 C:\WINDOWS\system32\DRIVERS\SymIM.sys

MD5: ced744117e91bdc0beb810f7d8608183 C:\WINDOWS\system32\DRIVERS\update.sys

MD5: 708579b01fed227aadb393cb0c3b4a2c C:\WINDOWS\system32\DRIVERS\usbehci.sys

MD5: d92e7c8a30cfd14d8e15b5f7f032151b C:\WINDOWS\system32\DRIVERS\viaagp.sys

MD5: 55e148c01296696588eafa425782c3e8 C:\WINDOWS\system32\DSOUND.dll

MD5: cacd2c63a79268d131ea37e85524cc44 C:\WINDOWS\system32\dssenh.dll

MD5: ed7e847905dd2797565b4b695e92f42b C:\WINDOWS\system32\DUSER.dll

MD5: e24f419e8d5414de6480041075b0cd10 C:\WINDOWS\system32\EBPMON2.DLL

MD5: d6387af664c64d8d8dc7fdc880964058 C:\WINDOWS\system32\eEBUtil.dll

MD5: 50de118da580208b914b40dd47c90d52 c:\windows\system32\ESENT.dll

MD5: c7f69894e6c2a9b2159e8bbc2c6dcff5 C:\WINDOWS\System32\evntagnt.dll

MD5: d4db912260f0ce3d10b20f3a24baa14f C:\WINDOWS\system32\FXSAPI.dll

MD5: 9cc834bddffd69ffbf3c58408c4e47b3 C:\WINDOWS\system32\FXSEVENT.dll

MD5: f517bd3b95fb375b42aedbb386615392 C:\WINDOWS\system32\FXSMON.DLL

MD5: 634bd178592169d7890b5ac105a8f208 C:\WINDOWS\system32\fxsst.dll

MD5: fcbd571fa0ee8dc238944ae5fab74461 C:\WINDOWS\system32\fxssvc.exe

MD5: 170e5758469d83e269ced8aadf8b5b90 C:\WINDOWS\system32\gotomon.dll

MD5: f8f80460c7b36d824cffc8053dff4c74 C:\WINDOWS\system32\hccutils.DLL

MD5: 765b30c776a1780b46b479fe614f707c C:\WINDOWS\System32\hnetcfg.dll

MD5: 35c1f6ca4fa6ef9822d9e9912426b2c5 C:\WINDOWS\System32\hostmib.dll

MD5: 39860787f4e6de9a35ab1e74330cc788 C:\WINDOWS\system32\iepeers.dll

MD5: 11d2eaaf3eb3fe282b38e9ec8e4bb206 C:\WINDOWS\system32\igfxdev.dll

MD5: 20906fea416188d06747cd4372077ab3 C:\WINDOWS\system32\igfxpph.dll

MD5: adac5ffc41bda7897275037c0feebd01 C:\WINDOWS\system32\igfxres.dll

MD5: 6c4f7cc933a34c3e99b259917d8c0700 C:\WINDOWS\system32\igfxress.dll

MD5: 392de3e940155dbab2dab36801b48f48 C:\WINDOWS\system32\igfxsrvc.dll

MD5: c13b8585bdc134a4988e0328cce73057 C:\WINDOWS\System32\igmpagnt.dll

MD5: 5afce94e8286b2f57a04da37f01bf21a C:\WINDOWS\system32\IMAGEHLP.dll

MD5: 87ca7ce6469577f059297b9d6556d66d C:\WINDOWS\system32\IMM32.DLL

MD5: abbb064336dc11194e2341ad06b8314e C:\WINDOWS\System32\inetmib1.dll

MD5: f14a6bd840e4d7cd4c0535cb3cef2887 C:\WINDOWS\system32\inetpp.dll

MD5: 011eacf9153ef90e6cbce2987acae411 C:\WINDOWS\System32\iphlpapi.dll

MD5: 36cc8c01b5e50163037bef56cb96deff c:\windows\system32\ipnathlp.dll

MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll

MD5: 1efbd57fa79b96f638f3f72dcc393f34 C:\WINDOWS\system32\kerberos.dll

MD5: b6acaed7588295129791e0e6a2b0fade C:\WINDOWS\system32\kernel32.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: a1a688ee56cf3bbd24edeb815d48e9ba C:\WINDOWS\system32\LINKINFO.dll

MD5: 745c69bf7ed3374833b8535e7895dce5 C:\WINDOWS\System32\lmmib2.dll

MD5: 2e632f071817ad3758c386571cbd9858 C:\WINDOWS\system32\localspl.dll

MD5: 7db59fff2af32c27eb2276424fa5eddb C:\WINDOWS\system32\logonui.exe

MD5: c958e5dec0465523fe9c058c2f3eca80 C:\WINDOWS\system32\LPRHELP.dll

MD5: ed6ee8d7f78fc8267a394bb982ec8de3 C:\WINDOWS\system32\lprmon.dll

MD5: 8185eee4e645f74c9ff30271365e0aba C:\WINDOWS\system32\LSASRV.dll

MD5: 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

MD5: efbef826c183cf8edab324ce514d69b7 C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx

MD5: 5ff9d3dbdb154fc50f680a32ba397614 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MD5: 39f32be798462a491f502bdb9cb31ae9 C:\WINDOWS\System32\mcastmib.dll

MD5: 0346da24de3c85909717d5997510a31f C:\WINDOWS\system32\MLANG.dll

MD5: 2cfe80aa3428c09e6de67fac50da65cf C:\WINDOWS\system32\MPR.dll

MD5: 9f78f329b1858e845087b923b4dba0f3 C:\WINDOWS\System32\MPRAPI.dll

MD5: a9753f3343eb7a8bc3b498841c8be6fd C:\WINDOWS\system32\MSCTF.dll

MD5: 892f4bc54d486feb4df03e4e2ecb14e0 C:\WINDOWS\system32\msi.dll

MD5: d3ad4f21dd60b4b9bfeb415564a6c308 C:\WINDOWS\system32\msimtf.dll

MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll

MD5: f5ee7cacd1784241f138a5e55b715897 c:\windows\system32\mstlsapi.dll

MD5: 9eea0ca999a33c9d2eabe82e4c624cc3 C:\WINDOWS\system32\MSUTB.dll

MD5: 8bcc4cb5ae075bfa6dde97cc3dac1dc6 C:\WINDOWS\system32\msv1_0.dll

MD5: 1f57eb5b92b2ac7f9d71a77d184d8c13 C:\WINDOWS\System32\MSVCP60.dll

MD5: 5a542c4e0f036431d0b7b607fc08758f C:\WINDOWS\system32\MSVCR70.dll

MD5: b0fefa816d61ec66aa765ddf534eab5e C:\WINDOWS\system32\msvcrt.dll

MD5: 146d198e3ad9d4b69c9eb0aea6ef333b C:\WINDOWS\system32\MSVCRT40.dll

MD5: 99f43b9b76c88acead42fe84744f8c87 C:\WINDOWS\system32\MTXCLU.DLL

MD5: e3ae8dc04643850d2dfd431443558b28 c:\windows\system32\netcfgx.dll

MD5: 6c476d33d82f1054849790181e8f7772 C:\WINDOWS\system32\netlogon.dll

MD5: 36739b39267914ba69ad0610a0299732 c:\windows\system32\netman.dll

MD5: bf52a4d4eb4cfb3109667e429b93e21a c:\windows\system32\netshell.dll

MD5: 01520b46830c8178e1b2c05a4f3f6c16 C:\WINDOWS\System32\NETUI0.dll

MD5: 88b918e7fb3b09595dd8a0fd09a35b8f C:\WINDOWS\System32\NETUI1.dll

MD5: 2f868bffbf50524653d7fe0d99afb064 C:\WINDOWS\system32\ntdll.dll

MD5: 6201bacf384292a5fe94ce73364ae53a C:\WINDOWS\system32\NTDSAPI.dll

MD5: daa91b358e685fc6cca9aca72be6fe85 C:\WINDOWS\system32\NTMARTA.DLL

MD5: b62f29c00ac55a761b2e45877d85ea0f C:\WINDOWS\system32\ntmssvc.dll

MD5: 385e9aec6e100dbebee5bd1f27a55e1d C:\WINDOWS\system32\ntshrui.dll

MD5: f79d7d98cd764499eccbaaf3f800d349 C:\WINDOWS\system32\ODBC32.dll

MD5: c237fb08f52f27823c4e4e6705ecd196 C:\WINDOWS\system32\odbcint.dll

MD5: ab8231d13692ac5088eb9c226b0c0576 C:\WINDOWS\system32\ole32.dll

MD5: 0144abc4c4a624b583d432ee478a711c C:\WINDOWS\system32\OLEAUT32.dll

MD5: e7584239b46c4e0702aff5a1c8a410bb C:\WINDOWS\system32\pdh.dll

MD5: 39dc8d9bfb2d7fef8634fbf0b83dbc2f C:\WINDOWS\system32\printui.dll

MD5: 4d3ccdf22d2b4bae229ba73b81d13e26 C:\WINDOWS\system32\psbase.dll

MD5: 037438a305f1eff51af788c32eff4360 C:\WINDOWS\system32\qmgrprxy.dll

MD5: 5f098bd2ae6b03044b085decffdf91ec C:\WINDOWS\system32\rasadhlp.dll

MD5: cd1f7ed9842138beadf9ecbf37818bef C:\WINDOWS\system32\RASAPI32.dll

MD5: 44db7a9bdd2fb58747d123fbf1d35adb C:\WINDOWS\System32\rasauto.dll

MD5: ba5d5fd3cca6f64a429e2e0e1a1a0917 C:\WINDOWS\System32\RASDLG.dll

MD5: 30e244a707e6ce0a4b099cd6384ec6ca C:\WINDOWS\system32\rasman.dll

MD5: 49b5eed5fb89d39456a2f616ccd8ba5d c:\windows\system32\rasmans.dll

MD5: 04ecec0447f79419ad25227205b8277d C:\WINDOWS\System32\rasppp.dll

MD5: 1d536bebc30dd8d0d3b6ff3b0cd2d32b C:\WINDOWS\System32\rastapi.dll

MD5: 899ed710fdc37eb7d0115c2932c2b1eb C:\WINDOWS\system32\REGAPI.dll

MD5: 2738c8a33ff07dd3c99c7c8f0a85da72 C:\WINDOWS\System32\RESUTILS.DLL

MD5: 461b6e2f04112e659280314b7a414f30 C:\WINDOWS\system32\RPCRT4.dll

MD5: 24b5d53b9accc1e2edcf0a878d6659d4 c:\windows\system32\rpcss.dll

MD5: 26acbd865f8cff730f1791c4d0854352 C:\WINDOWS\system32\rsaenh.dll

MD5: eb6dbf63a06590aa75ed58fcb58784de C:\WINDOWS\System32\rtipxmib.dll

MD5: ebe12f403fde45e7312e7bf764bfb6c6 C:\WINDOWS\System32\SAMLIB.dll

MD5: e15154e7fda8a580a8f74c7cc16b1ffe C:\WINDOWS\system32\SAMSRV.dll

MD5: 0f78e27f563f2aaf74b91a49e2abf19a C:\WINDOWS\system32\scecli.dll

MD5: 9a42c1f3154545a4d32e5043038b01fa C:\WINDOWS\system32\SCESRV.dll

MD5: 3732492edd6c46454752f9ac78f2539e C:\WINDOWS\system32\schannel.dll

MD5: 92360854316611f6cc471612213c3d92 c:\windows\system32\schedsvc.dll

MD5: d636fa41e50671160d838ea2dace3330 C:\WINDOWS\system32\sclgntfy.dll

MD5: 1d141672ce98383b22a1846e4d43c159 C:\WINDOWS\system32\Secur32.dll

MD5: a624930228b698cf5b89f91caf23a908 C:\WINDOWS\system32\security.dll

MD5: 4712531ab7a01b7ee059853ca17d39bd C:\WINDOWS\system32\services.exe

MD5: a1abf509b1a1f01fbf52d34a0e1cde3d C:\WINDOWS\system32\SETUPAPI.dll

MD5: 9858cc4d73a4ccf2f852fae07c11a0b5 C:\WINDOWS\system32\sfc_os.dll

MD5: 137a36b389a1848e355f491bb3896d70 C:\WINDOWS\system32\SHDOCVW.dll

MD5: 06da8c5383aaf17127fc4b1658ba3f4f C:\WINDOWS\system32\SHELL32.dll

MD5: 43da983415ea533f9e667fdb415f4655 C:\WINDOWS\system32\ShimEng.dll

MD5: 7c972c7f0e3ce48503e1e9fbe9890009 C:\WINDOWS\system32\SHLWAPI.dll

MD5: 6815def9b810aefac107eeaf72da6f82 C:\WINDOWS\system32\SHSVCS.dll

MD5: bd7fb0957c716f1a60333aee04de2178 C:\WINDOWS\system32\smss.exe

MD5: 6feb04de6288f5466391e29057dc5b0e C:\WINDOWS\system32\snmp.exe

MD5: 0484c838adfc880b74b0e9d2d97738e2 C:\WINDOWS\System32\snmpapi.dll

MD5: 3ca0a12df02108e3186dc355ed74b3b2 C:\WINDOWS\System32\snmpmib.dll

MD5: 6f591dbefd11f7697042907b516f1212 C:\WINDOWS\System32\snmptrap.exe

MD5: 091be61c27675fa94f25f2e303f0eb6f C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE

MD5: 8eafe585d51b9f21d3abbbb634ee65c2 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1PMN.DLL

MD5: 88add6a268b4358922488f8d10550c02 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SMK.DLL

MD5: 05ccd4c4c7a74f1b90555bed201c2b66 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE

MD5: cf3c1e404b818b59317c770d636c1e11 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR83.DLL

MD5: 8489eda0d2b53505cc98c02c3bcb751d C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI83.DLL

MD5: fec3ace4d5e9b8b13c401941ee50f476 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD83.DLL

MD5: c1f032c90579b2f820af5f25206093aa C:\WINDOWS\System32\spool\PRTPROCS\W32X86\GoToPrintProcessor.dll

MD5: 87b85bc1e1f6e0228876204a20a9c24c C:\WINDOWS\system32\SPOOLSS.DLL

MD5: da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe

MD5: 92bdf74f12d6cbec43c94d4b7f804838 c:\windows\system32\srsvc.dll

MD5: 0cb3af149a0bac0836022ca307c7a0f8 c:\windows\system32\srvsvc.dll

MD5: 4b8d61792f7175bed48859cc18ce4e38 c:\windows\system32\ssdpsrv.dll

MD5: 297101a925ecffdcdf7f6341ffbb6c1a C:\WINDOWS\system32\stobject.dll

MD5: 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

MD5: 0ff9fa27706fbe9048990c108c0d62f0 C:\WINDOWS\system32\sxs.dll

MD5: 9c28b09c8757065d74e662e5a3503c89 C:\WINDOWS\system32\T2EMBED.DLL

MD5: 6307a1b82f6ca87d7e0cdf49e6e7bc00 C:\WINDOWS\system32\TAPI32.dll

MD5: fb78839b36025aa286a51289ed28b73e c:\windows\system32\tapisrv.dll

MD5: 32933b07fc16d9f778bee12545fa1b1a C:\WINDOWS\system32\tcpsvcs.exe

MD5: e6796d51ced309e46d29c0b787735615 C:\WINDOWS\system32\themeui.dll

MD5: 6d9ac544b30f96c57f8206566c1fb6a1 c:\windows\system32\trkwks.dll

MD5: 586211f4ff4bc49cc215c956919cd33b C:\WINDOWS\system32\umpnpmgr.dll

MD5: 339089d6c3fc3bc5ced8d9049c4d2101 C:\WINDOWS\system32\upnp.dll

MD5: aca5d98663d879c6baafcea7e2f1b710 C:\WINDOWS\System32\upnphost.dll

MD5: b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\USER32.dll

MD5: 2b9b56a89a8a42e917511972a6db36e3 C:\WINDOWS\system32\USERENV.dll

MD5: 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe

MD5: 2cde496666a975a2ce8f969f3042c8db C:\WINDOWS\system32\uxtheme.dll

MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL

MD5: 2b281958f5d0cf99ed626e3ef39d5c8d C:\WINDOWS\system32\w32time.dll

MD5: de578e4e6844954823fc7688625f00c8 C:\WINDOWS\system32\wbem\esscli.dll

MD5: 4de2616b80c62930fd337ec395462b21 C:\WINDOWS\system32\wbem\FastProx.dll

MD5: 9a66728efe501d855d0ffe3de023ce32 C:\WINDOWS\system32\wbem\repdrvfs.dll

MD5: 4e39c36213e95fb971a61a247bde2f61 C:\WINDOWS\system32\wbem\wbemcomn.dll

MD5: 36360b625d7290bba2cd03ad4975e1bc C:\WINDOWS\system32\wbem\wbemcore.dll

MD5: 6708e1ddf12cab2d5b5a2b66b76e0038 C:\WINDOWS\system32\wbem\wbemess.dll

MD5: 44266e3a948fa690585b2d7205a672f6 C:\WINDOWS\system32\wbem\wmiprvsd.dll

MD5: 0a1161db4fccf7821736c70d70a0f5a3 C:\WINDOWS\system32\wbem\wmiutils.dll

MD5: 6e2aba80e627a6b2caccc6d0c60874b1 C:\WINDOWS\system32\wdigest.dll

MD5: 265f534ef76832435afbf771ec97176d c:\windows\system32\webclnt.dll

MD5: b6763f8534ac547cf1af98afdff2edc8 c:\windows\system32\wiaservc.dll

MD5: a1c10f87248529173f39f4b4734df14b C:\WINDOWS\system32\win32spl.dll

MD5: 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

MD5: 90fdaa22f38d9e911f91fa3b8a1f7e5d C:\WINDOWS\system32\winmm.dll

MD5: 2c8fdb176f22629ea5342db474fac391 C:\WINDOWS\System32\winrnr.dll

MD5: 7bcb23fa39ce266af4347a6beab60f8c C:\WINDOWS\system32\WINSCARD.DLL

MD5: 3d21b3be0c5768e76fd9780e9cf9e07c C:\WINDOWS\system32\winsrv.dll

MD5: 7bc4ba4c33adf3ef5cd370d99bc60b04 C:\WINDOWS\system32\WINSTA.dll

MD5: 10f36fa092d7a309a0647fcdc764ae6c C:\WINDOWS\system32\WLDAP32.dll

MD5: a599e5e366c1408e48aa5d37882d4e3e C:\WINDOWS\system32\WlNotify.dll

MD5: 4d59daa66c60858cdf4f67a900f42d4a c:\windows\system32\wscsvc.dll

MD5: 9a9bbc71d0ebcd400a33abcd5f0ab39c c:\windows\system32\WZCSAPI.DLL

MD5: 5a91e6feab9f901302fa7ff768c0120f c:\windows\system32\wzcsvc.dll

MD5: eef46dab68229a14da3d8e73c99e2959 C:\WINDOWS\System32\xmlprov.dll

MD5: 1320aea7057a26a671d9548cc7bebda5 C:\WINDOWS\system32\xpsp2res.dll

MD5: 424162325a32183bf65bbaf740209749 C:\WINDOWS\system32\zipfldr.dll

MD5: c4e80875c1cf1222fc5efd0314ae5c01 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 1.29 KB recvd

Scanned 629 files and modules - 27 seconds

==============================================================================

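A small triage helper for the hash listing posted above, added here as an example and not part of the original thread or of any tool used in it. It parses the listing's `MD5: <hash> <path>` lines and reports two things a reviewer checks by eye: the same file name present under different hashes (worth a second look when one copy sits outside its usual directory) and byte-identical copies under several paths (expected in this listing, where npqtplugin.dll through npqtplugin7.dll all carry one hash). The sample lines are constructed in the log's format; the real hashes are copied from the listing, while the all-zero hash and the `c:\windows\temp` path are invented to show a name conflict.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One entry of the listing: "MD5: <32 hex digits> <Windows path>".
MD5_LINE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")

# Constructed excerpt in the listing's format (not the user's full log).
# The last MD5 line is invented: a second svchost.exe with a placeholder hash.
SAMPLE_LOG = """\
MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\\Program Files\\Internet Explorer\\plugins\\nppdf32.dll
MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\\Program Files\\Mozilla Firefox\\plugins\\nppdf32.dll
MD5: 27f9e0201d27d1c6472285de35898ca1 C:\\Program Files\\Internet Explorer\\plugins\\npqtplugin.dll
MD5: 27f9e0201d27d1c6472285de35898ca1 C:\\Program Files\\Internet Explorer\\plugins\\npqtplugin2.dll
MD5: 8f078ae4ed187aaabc0a305146de6716 C:\\WINDOWS\\system32\\svchost.exe
MD5: 00000000000000000000000000000000 c:\\windows\\temp\\svchost.exe
No file uploaded.
Scanned 629 files and modules - 27 seconds
"""


def parse_md5_listing(text):
    """Return a list of (md5, path) tuples; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = MD5_LINE.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
    return entries


def group_by_basename(entries):
    """Map lower-cased file name -> {md5: [paths]}; Windows paths are case-insensitive."""
    by_name = defaultdict(lambda: defaultdict(list))
    for md5, path in entries:
        name = PureWindowsPath(path).name.lower()
        by_name[name][md5].append(path)
    return by_name


def name_conflicts(entries):
    """File names that appear with more than one distinct hash."""
    return {
        name: dict(hashes)
        for name, hashes in group_by_basename(entries).items()
        if len(hashes) > 1
    }


def shared_hashes(entries):
    """Hashes present under more than one path, i.e. byte-identical copies."""
    by_hash = defaultdict(list)
    for md5, path in entries:
        by_hash[md5].append(path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def triage_report(text):
    """Human-readable summary of both checks, one line per finding."""
    entries = parse_md5_listing(text)
    lines = [f"{len(entries)} hashed entries parsed"]
    for name, hashes in sorted(name_conflicts(entries).items()):
        lines.append(f"NAME CONFLICT {name}: {len(hashes)} different hashes")
        for md5, paths in hashes.items():
            lines.append(f"    {md5}  {', '.join(paths)}")
    for md5, paths in sorted(shared_hashes(entries).items()):
        lines.append(f"identical copies {md5}: {len(paths)} paths")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_LOG)))
```

The name-conflict check is the one that matters for triage: a system binary name turning up with a second hash in a temp or user-writable directory is the pattern to investigate, while identical copies across plugin directories are normal for software that installs the same plugin for several browsers.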

Fred, I have to leave work to play some tennis now, but I will check back first thing tomorrow morning. Thanks again for your expert help!

No worries, take all the time you need. Thank you for letting me know, and go hit some aces! ;)

I'll go ahead and list the next set of instructions for you to reference once you're back:

-----

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Fred, here is the security check output. I just used the same program, securitycheck.exe, that was still on my desktop from a few days ago. I am only a 3.5 rated player, but getting ready for the local summer tournament this weekend.

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 15

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.3.181.34

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


I am only a 3.5 rated player, but getting ready for the local summer tournament this weekend.

Nice! My brother plays in college and I used to play for quite some time as well; summer tournies were always a blast! :D

Before we move on, please take the time to install the following updates, as using outdated applications leaves you vulnerable to getting infected again ;):

:excl:Please consider updating to the latest Windows Service Pack.

Windows Service Pack 3 (SP3) contains critical security updates released since SP1 and SP2 plus support for new types of hardware and emerging hardware standards.

Please visit: Windows Update to download the latest Service Pack. NOTE: you will have to install SP2 and a number of other updates before SP3. However, all of this will leave you much safer than before.

-------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Please let me know how the updates went, as failed updates may indicate additional malware ;)

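The Security Check output above lists four Java 6 installs and flags them as out of date, and the instructions say to remove every old copy before installing the current one. The helper below is an added example, not part of the thread or of screen317's tool: it parses the `Java <major> Update <n>` lines from such output and produces a removal plan. It compares versions numerically, which matters because the log lists them in text order (Update 15 before Update 3), so a naive string sort would pick the wrong "newest". The excerpt is constructed in the log's format.

```python
import re

# One Java entry as Security Check prints it, e.g. "Java 6 Update 15".
JAVA_LINE = re.compile(r"^Java\s+(\d+)\s+Update\s+(\d+)$")
# The tool's own warning line; when present, even the newest install is stale.
OUT_OF_DATE = re.compile(r"^Out of date Java installed!", re.MULTILINE)

# Constructed excerpt in the format of the Security Check output above.
SAMPLE_CHECKUP = """\
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 15
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.34
"""


def java_installs(text):
    """Return (major, update) integer pairs, in the order the log lists them."""
    found = []
    for line in text.splitlines():
        m = JAVA_LINE.match(line.strip())
        if m:
            found.append((int(m.group(1)), int(m.group(2))))
    return found


def java_removal_plan(text):
    """Versions to uninstall, oldest first.

    If the log flags Java as out of date, every listed copy is stale and goes
    (the current release is installed afterwards). Otherwise keep only the
    newest by numeric comparison and remove the rest.
    """
    installs = java_installs(text)
    if not installs:
        return []
    if OUT_OF_DATE.search(text):
        return sorted(installs)
    newest = max(installs)
    return sorted(v for v in installs if v != newest)


def format_version(version):
    """Render a (major, update) pair the way Add or Remove Programs labels it."""
    major, update = version
    return f"Java {major} Update {update}"


if __name__ == "__main__":
    for v in java_removal_plan(SAMPLE_CHECKUP):
        print("remove:", format_version(v))
```

With the warning line present, all four installs are listed for removal; without it, the plan keeps Java 6 Update 15 and removes Updates 3, 5 and 7, which is the order a string sort would have gotten wrong.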

Fred, The XP SP3 and latest Java install/old Java removals went fine. Windows also updated a few times with numerous security updates. I also ran the latest Malwarebytes PRO program, with results below, and everything seems to be working fine. Let me know when I can delete the Combofix.exe program and install an anti-virus program.

My first tennis match is scheduled for Friday night at 6:00pm. Hopefully, I will play well.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7042

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/7/2011 2:04:17 PM

mbam-log-2011-07-07 (14-04-16).txt

Scan type: Quick scan

Objects scanned: 237578

Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Fred, The XP SP3 and latest Java install/old Java removals went fine. Windows also updated a few times with numerous security updates. I also ran the latest Malwarebytes PRO program, with results below, and everything seems to be working fine.

Glad to hear the updates went well, and that things are running fine! :D

My first tennis match is scheduled for Friday night at 6:00pm. Hopefully, I will play well.

I wish you the best of luck! ;)

Let me know when I can delete the Combofix.exe program and install an anti-virus program.

I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall McAfee AntiVirus if you haven't already.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: "How did I get infected in the first place?"

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Fred,

I uninstalled the combofix program, installed the antivir program, and also re-activated the system restore. Whew! What a relief to get this finally taken care of. I would like to make a donation in appreciation for your expert help, and will use the link you have at the bottom of the page. Thanks again, and hopefully I won't need to bother you again!


Fred,

I uninstalled the combofix program, installed the antivir program, and also re-activated the system restore. Whew! What a relief to get this finally taken care of. Thanks again, and hopefully I won't need to bother you again!

Glad to hear everything went well! :D

I would like to make a donation in appreciation for your expert help, and will use the link you have at the bottom of the page.

You are very kind. Thank you! :)
