aeg Posted July 4, 2011 ID:448996 Share Posted July 4, 2011 Greetings,I have been seeing outgoing IP attacks blocked by malware antibytes since I started using the paid edition. I don't know old the infection is.I am attaching information per the "What do I do know?" post. Thanks in advance for any insight you may provide.AEG .DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Run by AEG at 23:16:34 on 2011-07-03Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.173 [GMT -4:00].AV: Malware Defense *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exesvchost.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\MozyHome\mozybackup.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\MSTMON_Q.EXEC:\Program Files\eFax Messenger 4.4\J2GDllCmd.exeC:\Program Files\BOINC\boincmgr.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\BOINC\boinctray.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Sandboxie\SbieCtrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\palmOne\Hotsync.exeC:\Program Files\MozyHome\mozystat.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\BOINC\boinc.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86C:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\AEG\Desktop\m7b59tdq.exeC:\Program Files\Mozilla Firefox\plugin-container.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uSearch Page = hxxp://www.google.comuWindow Title = Windows Internet Explorer provided by Yahoo!uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLLBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLLBHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\12.0.742.112\npchrome_frame.dllBHO: PKIEhlpr Class: {ff32a4ce-e54d-11d3-9fb7-e3582b1bd44d} - c:\windows\system32\PKIEHLP2.dllTB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {C4069E3A-68F1-403E-B40E-20066696354B} - No FileTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No FileTB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No Filec:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00c:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00c:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00c:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00c:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00c:\docume~1\aeg\locals~1\temp\nsv27d.tmp\temp00dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\aeg\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\connected\CBSysTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exeIE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript.htmIE: Address to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript1.htmIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllIE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dllTrusted Zone: citibank.comTrusted Zone: intuit.comTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CABDPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cabDPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204768226484DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cabDPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://sa.kaplan.com/prx/000/http/localhost/client_sec/ktpa/SodaAgent.CABTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{67EA944E-ED7F-47AE-873A-40602E5E9843} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\12.0.742.112\npchrome_frame.dllNotify: igfxcui - igfxdev.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/FF - component: c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\extensions\piclens@cooliris.com\components\coolirisstub.dllFF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dllFF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dllFF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_1.dllFF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dllFF - plugin: c:\documents and settings\aeg\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.comFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtensionFF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\FirefoxFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\IPSFFPlgn.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-20 810616]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-31 366640]R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110701.051\IDSXpx86.sys [2011-7-2 355256]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-31 22712]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110703.003\NAVENG.SYS [2011-7-3 86008]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110703.003\NAVEX15.SYS [2011-7-3 1542392]R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]S1 VET-FILT;VET File System Filter; [x]S1 VET-REC;VET File System Recognizer; [x]S1 VETEFILE;VET File Scan Engine; [x]S1 VETFDDNT;VET Floppy Boot Sector Monitor; [x]S1 VETMONNT;VET File Monitor; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe --> c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [?]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-23 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]S3 VETEBOOT;VET Boot Scan Engine; [x].=============== Created Last 30 ================.2011-06-20 22:39:27 -------- d--h--w- c:\windows\$hf_mig$2011-06-20 22:34:37 105472 ------w- c:\windows\system32\dllcache\mup.sys2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll.==================== Find3M ====================.2011-06-26 00:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-02 23:28:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2011-05-02 23:28:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys.============= FINISH: 23:18:11.14 ===============attach.zipprotection-log-2011-07-03.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted July 6, 2011 Staff ID:450194 Share Posted July 6, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
aeg Posted July 8, 2011 Author ID:450980 Share Posted July 8, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317Am attaching the MBAM log. (MBAM was updated.) After the quickscan it said I had exploit.drop.2. I don't recall this appearing after running the full scan. I have marked the exploit for deletion.Will be working on using combofix over the next day.Thanks!Andrewmbam-log-2011-07-08 (00-07-16).txt Link to post Share on other sites More sharing options...
aeg Posted July 10, 2011 Author ID:451940 Share Posted July 10, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317Hi,The Combofix log is below. ComboFix 11-07-10.03 - AEG 07/10/2011 13:55:18.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -4:00]Running from: c:\documents and settings\AEG\Desktop\folderzzz\cf\ComboFix.exeAV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\AEG\GoToAssistDownloadHelper.exec:\documents and settings\AEG\WINDOWSc:\program files\InfoSafec:\program files\InfoSafe\C1.C1Preview.2.dllc:\program files\InfoSafe\C1.C1Zip.2.dllc:\program files\InfoSafe\C1.Win.C1FlexGrid.2.dllc:\program files\InfoSafe\C1.Win.C1Preview.2.dllc:\program files\InfoSafe\CASLcn20.dllc:\program files\InfoSafe\CASLcopy.exec:\program files\InfoSafe\CASLremas.exec:\program files\InfoSafe\CondReg.exec:\program files\InfoSafe\Getting-Started-Palm.pdfc:\program files\InfoSafe\HSAPI.dllc:\program files\InfoSafe\InfoSafe Help.chmc:\program files\InfoSafe\InfoSafe_Installer.prcc:\program files\InfoSafe\InfoSafePlus.exec:\program files\InfoSafe\InfoSafePlus_empty.mdbc:\program files\InfoSafe\InfoSafePlus_full.mdbc:\program files\InfoSafe\Instaide.dllc:\program files\InfoSafe\RemCond.exec:\program files\InfoSafe\uninst\unins000.datc:\program files\InfoSafe\uninst\unins000.exec:\program files\InfoSafe\ZylIdleTimer.dllc:\program files\somototoolbar\vmNTemplatex.dllc:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll..((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))..2011-07-10 17:40 . 2011-07-10 17:40 -------- d-----w- C:\32788R22FWJFW2011-06-20 22:39 . 2011-07-01 03:20 -------- d--h--w- c:\windows\$hf_mig$2011-06-20 22:34 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-06-26 00:31 . 2011-05-15 23:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-29 13:11 . 2010-10-31 22:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 13:11 . 2010-10-31 22:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-02 23:28 . 2011-02-09 02:01 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2011-05-02 23:28 . 2011-02-09 02:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2011-05-02 15:31 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-04-29 17:25 . 2004-08-11 23:00 151552 ----a-w- c:\windows\system32\schannel.dll2011-04-29 16:19 . 2006-03-28 23:04 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-04-25 16:11 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll2011-04-25 16:11 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-04-25 16:11 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-04-25 12:01 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec2011-04-21 13:37 . 2004-08-11 23:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys2010-08-25 00:00 . 2007-12-24 02:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-22 163840]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-09-23 4543232]"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-09-23 58112]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264].c:\documents and settings\AEG\Start Menu\Programs\Startup\palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]Connected TaskBar Icon.LNK - c:\program files\Connected\CBSysTray.exe [2006-6-4 114688]HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184].[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\download\\active note\\anote.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="c:\\Program Files\\palmOne\\Hotsync.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 7:28 PM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 7:28 PM 744568]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/5/2011 11:03 PM 810616]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 7:28 PM 136312]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2010 6:31 PM 366640]R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 7:27 PM 130008]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/9/2011 7:50 PM 105592]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110708.032\IDSXpx86.sys [7/9/2011 12:34 PM 355256]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2010 6:31 PM 22712]S0 hniffhus;hniffhus;c:\windows\system32\drivers\tekkxu.sys --> c:\windows\system32\drivers\tekkxu.sys [?]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:13 PM 135664]S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [11/18/2004 9:13 PM 18848]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/23/2007 10:13 PM 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:13 PM 135664]S3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?].Contents of the 'Scheduled Tasks' folder.2011-07-10 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-28 23:47].2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 02:13].2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 02:13].2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896780939-1988205787-443253394-1005Core.job- c:\documents and settings\AEG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 02:07].2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896780939-1988205787-443253394-1005UA.job- c:\documents and settings\AEG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 02:07].2011-06-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13].2011-07-10 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sIE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to MobiPassword - c:\program files\Icom Consulting Inc\Mobipassword\PKLinksScript.htmIE: Address to MobiPassword - c:\program files\Icom Consulting Inc\Mobipassword\PKLinksScript1.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000Trusted Zone: citibank.comTrusted Zone: intuit.comTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comTCP: DhcpNameServer = 209.18.47.61 209.18.47.62FF - ProfilePath - c:\documents and settings\AEG\Application Data\Mozilla\Firefox\Profiles\xhuw7x3q.default\FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.comFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\FirefoxFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn.- - - - ORPHANS REMOVED - - - -.HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exeHKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exeAddRemove-WakefieldSoft-InfoSafe Plus_is1 - c:\program files\InfoSafe\uninst\unins000.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-07-10 14:29Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NAV]"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x** ]"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2600)c:\windows\system32\WININET.dllc:\program files\MozyHome\mozyshell.dllc:\program files\MozyHome\LIBEAY32.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Sandboxie\SbieSvc.exec:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exec:\program files\Connected\AgentSrv.EXEc:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\windows\system32\drivers\CDAC11BA.EXEc:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\Java\jre6\bin\jqs.exec:\program files\MozyHome\mozybackup.exec:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exec:\windows\stsystra.exec:\windows\system32\rundll32.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exec:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exec:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exec:\program files\BOINC\boinc.exec:\documents and settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86.**************************************************************************.Completion time: 2011-07-10 14:36:39 - machine was rebootedComboFix-quarantined-files.txt 2011-07-10 18:36.Pre-Run: 15,845,679,104 bytes freePost-Run: 15,820,099,584 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 08E272BCA1B44E3A018EAF77030FD402 Link to post Share on other sites More sharing options...
aeg Posted July 10, 2011 Author ID:451947 Share Posted July 10, 2011 ...[*]Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317The first time I ran DDS after comboxfix I failed to save the log. Ran DDS a second time; log is below. Am thinking you don't need the attach.txt log. I believe I have supplied everything you requested; if not, please advise. .DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Run by AEG at 14:56:34 on 2011-07-10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.172 [GMT -4:00].AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exesvchost.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exesvchost.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\MozyHome\mozybackup.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\MSTMON_Q.EXEC:\Program Files\eFax Messenger 4.4\J2GDllCmd.exeC:\Program Files\BOINC\boincmgr.exeC:\Program Files\BOINC\boinctray.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Sandboxie\SbieCtrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\palmOne\Hotsync.exeC:\Program Files\MozyHome\mozystat.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\BOINC\boinc.exeC:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86C:\WINDOWS\explorer.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\EverNote\EverNote\EverNote.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%suURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLLBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\12.0.742.112\npchrome_frame.dllBHO: PKIEhlpr Class: {ff32a4ce-e54d-11d3-9fb7-e3582b1bd44d} - c:\windows\system32\PKIEHLP2.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {C4069E3A-68F1-403E-B40E-20066696354B} - No FileTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No FileTB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [sigmatelSysTrayApp] stsystra.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [KONICA MINOLTA PagePro 1350WStatusDisplay] c:\windows\system32\MSTMON_Q.EXEmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /RmRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /smRun: [boinctray] "c:\program files\boinc\boinctray.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostartdRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\aeg\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\connected\CBSysTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exeIE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript.htmIE: Address to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript1.htmIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllIE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dllTrusted Zone: citibank.comTrusted Zone: intuit.comTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CABDPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cabDPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204768226484DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cabDPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://sa.kaplan.com/prx/000/http/localhost/client_sec/ktpa/SodaAgent.CABTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{67EA944E-ED7F-47AE-873A-40602E5E9843} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\12.0.742.112\npchrome_frame.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/FF - component: c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\extensions\piclens@cooliris.com\components\coolirisstub.dllFF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dllFF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dllFF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_1.dllFF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dllFF - plugin: c:\documents and settings\aeg\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.comFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtensionFF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\FirefoxFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\IPSFFPlgn.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-5 810616]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-31 366640]R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110708.032\IDSXpx86.sys [2011-7-9 355256]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-31 22712]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110710.003\NAVENG.SYS [2011-7-10 86008]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110710.003\NAVEX15.SYS [2011-7-10 1542392]R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]S0 hniffhus;hniffhus;c:\windows\system32\drivers\tekkxu.sys --> c:\windows\system32\drivers\tekkxu.sys [?]S1 VET-FILT;VET File System Filter; [x]S1 VET-REC;VET File System Recognizer; [x]S1 VETEFILE;VET File Scan Engine; [x]S1 VETFDDNT;VET Floppy Boot Sector Monitor; [x]S1 VETMONNT;VET File Monitor; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe --> c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [?]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-23 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]S3 VETEBOOT;VET Boot Scan Engine; [x].=============== Created Last 30 ================.2011-07-10 17:45:46 -------- d-sha-r- C:\cmdcons2011-07-10 17:40:46 98816 ----a-w- c:\windows\sed.exe2011-07-10 17:40:46 518144 ----a-w- c:\windows\SWREG.exe2011-07-10 17:40:46 256000 ----a-w- c:\windows\PEV.exe2011-07-10 17:40:46 208896 ----a-w- c:\windows\MBR.exe2011-06-20 22:39:27 -------- d--h--w- c:\windows\$hf_mig$2011-06-20 22:34:37 105472 ------w- c:\windows\system32\dllcache\mup.sys.==================== Find3M ====================.2011-06-26 00:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-02 23:28:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL2011-05-02 23:28:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys.============= FINISH: 14:58:07.87 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 15, 2011 Staff ID:454126 Share Posted July 15, 2011 Hi,My apologies for the delay.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
aeg Posted July 17, 2011 Author ID:454846 Share Posted July 17, 2011 Hi,My apologies for the delay.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317Here is the ESET log file....ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=44cbe2ca756a3045b250a2b276a5a86a# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-07-16 11:57:58# local_time=2011-07-16 07:57:58 (-0500, Eastern Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 3# compatibility_mode=768 16777215 100 0 13144022 13144022 0 0# compatibility_mode=1024 16777215 100 0 18321583 18321583 0 0# compatibility_mode=3584 16777175 100 0 0 0 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=112068# found=0# cleaned=0# scan_time=10827and here is the Security Check log file... Results of screen317's Security Check version 0.99.7 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Norton AntiVirus Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Temp File Cleaner EasyCleaner Java 6 Update 20 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player 10.3.181.26 Adobe Reader X (10.1.0) Mozilla Firefox (3.6.18) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log```````````` I haven't seen an attack in about a day but I don't find that reassuring. It's 8:13pm ET on Saturday in my timezone. I will post again by 6pm ET Sunday as to how the PC is doing.Thanks again for your help!Andrew Link to post Share on other sites More sharing options...
aeg Posted July 17, 2011 Author ID:455032 Share Posted July 17, 2011 I haven't seen an attack in about a day but I don't find that reassuring. It's 8:13pm ET on Saturday in my timezone. I will post again by 6pm ET Sunday as to how the PC is doing.Thanks again for your help!AndrewJust had an attack. Am posting the log from MBAM...12:49:14 (null) MESSAGE Protection started successfully12:50:23 AEG MESSAGE IP Protection started successfully13:20:31 AEG IP-BLOCK 208.87.32.75 (Type: outgoing)13:20:34 AEG IP-BLOCK 208.87.32.75 (Type: outgoing)Thanks,Andrew Link to post Share on other sites More sharing options...
Staff screen317 Posted July 21, 2011 Staff ID:456414 Share Posted July 21, 2011 Hi,Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):Java™ 6 Update 20Java™ SE Runtime Environment 6 Update 1Java™ 6 Update 2Java™ 6 Update 3Java 2 Runtime Environment, SE v1.4.2_03 Restart your computer.Get the latest version of Java.Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:Driver::hniffhusSave this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
aeg Posted August 3, 2011 Author ID:461242 Share Posted August 3, 2011 Screen317,I had all the Java environments/patches you listed; they have been uninstalled. I have downloaded a new java environment but have not installed it yet. Combofix.txt was actaully log.txt (does this matter) and the contents are: ComboFix 11-08-02.03 - AEG 08/02/2011 22:04:11.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.321 [GMT -4:00]Running from: c:\documents and settings\AEG\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\AEG\Desktop\CFScript.txtAV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_hniffhus..((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))..2011-08-03 01:28 . 2006-12-15 08:09 49265 ----a-w- c:\windows\system32\jpicpl32.cpl2011-07-31 21:45 . 2011-08-02 16:55 -------- d-----w- c:\windows\system32\wbem\Logs2011-07-31 20:17 . 2011-07-31 20:17 -------- d-----w- c:\documents and settings\AEG\Local Settings\Application Data\Temp2011-07-27 01:43 . 2011-07-08 07:16 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll2011-07-27 01:43 . 2011-07-08 07:16 713016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe2011-07-27 01:43 . 2011-07-08 07:16 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll2011-07-27 01:43 . 2011-07-08 07:16 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll2011-07-27 01:43 . 2011-07-08 07:16 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll2011-07-27 01:43 . 2011-07-08 07:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll2011-07-27 01:43 . 2011-07-08 07:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll2011-07-27 01:43 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll2011-07-27 01:43 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll2011-07-16 20:48 . 2011-07-16 20:48 -------- d-----w- c:\program files\ESET2011-07-11 03:36 . 1999-12-08 21:33 411352 ------w- c:\windows\system32\Vsflex6.ocx...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-07-12 01:21 . 2010-10-28 04:10 54776 ----a-w- c:\windows\system32\drivers\mozy.sys2011-07-06 23:52 . 2010-10-31 22:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-06 23:52 . 2010-10-31 22:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-26 00:31 . 2011-05-15 23:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-02 14:02 . 2004-08-11 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys2011-07-08 07:16 . 2011-07-27 01:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2010-08-25 00:00 . 2007-12-24 02:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll..((((((((((((((((((((((((((((( SnapShot@2011-07-10_18.29.52 ))))))))))))))))))))))))))))))))))))))))).+ 2011-08-03 02:32 . 2011-08-03 02:32 16384 c:\windows\Temp\Perflib_Perfdata_c4.dat+ 2011-08-03 01:54 . 2011-08-03 01:54 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat+ 2011-08-03 01:52 . 2011-08-03 01:52 16384 c:\windows\Temp\Perflib_Perfdata_688.dat+ 2011-08-03 02:30 . 2011-08-03 02:30 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat+ 2010-05-23 18:26 . 2006-12-15 06:31 53346 c:\windows\system32\javaw.exe+ 2010-05-23 18:26 . 2006-12-15 06:30 49248 c:\windows\system32\java.exe+ 2011-08-01 02:20 . 2011-07-12 01:21 54776 c:\windows\system32\DRVSTORE\mozy_B68A2C1AC1A0BBC5FE7D94CD5F67C3401062233A\mozy.sys+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll+ 2004-08-11 23:00 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll- 2004-08-11 23:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll+ 2006-06-03 18:00 . 2011-07-14 03:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat- 2006-06-03 18:00 . 2011-03-06 07:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat+ 2006-06-03 18:00 . 2011-07-14 03:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2006-06-03 18:00 . 2011-03-06 07:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2006-06-03 18:00 . 2011-03-06 07:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat+ 2011-07-14 03:44 . 2011-07-14 03:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat+ 2011-07-31 22:46 . 2011-07-31 22:46 22016 c:\windows\Installer\35f5db.msi- 2004-08-11 23:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll+ 2004-08-11 23:00 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll+ 2010-05-23 18:26 . 2006-12-15 08:09 127078 c:\windows\system32\javaws.exe+ 2004-08-11 23:06 . 2011-07-15 02:40 234368 c:\windows\system32\FNTCACHE.DAT- 2004-08-11 23:06 . 2011-04-17 13:34 234368 c:\windows\system32\FNTCACHE.DAT- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll- 2004-08-11 23:24 . 1998-10-29 21:45 306688 c:\windows\IsUninst.exe+ 2004-08-11 23:24 . 1998-10-29 20:45 306688 c:\windows\IsUninst.exe+ 2008-10-15 02:52 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys+ 2011-08-01 02:20 . 2011-08-01 02:20 2178048 c:\windows\Installer\f8606a.msi+ 2006-06-03 18:30 . 2011-07-14 03:36 49089992 c:\windows\system32\MRT.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]2011-07-12 01:21 3473688 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]2011-07-12 01:21 3473688 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-22 163840]"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-09-23 4543232]"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-09-23 58112]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264].c:\documents and settings\AEG\Start Menu\Programs\Startup\palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]Connected TaskBar Icon.LNK - c:\program files\Connected\CBSysTray.exe [2006-6-4 114688]HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-7-11 3640088].[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\download\\active note\\anote.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="c:\\Program Files\\palmOne\\Hotsync.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 7:28 PM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 7:28 PM 744568]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [7/22/2011 8:27 PM 815736]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 7:28 PM 136312]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2010 6:31 PM 366640]R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 7:27 PM 130008]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 5:32 AM 105592]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110729.030\IDSXpx86.sys [7/30/2011 2:35 PM 355256]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2010 6:31 PM 22712]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:13 PM 135664]S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [11/18/2004 9:13 PM 18848]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/23/2007 10:13 PM 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:13 PM 135664]S3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?].Contents of the 'Scheduled Tasks' folder.2011-08-03 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-28 23:47].2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 02:13].2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 02:13].2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896780939-1988205787-443253394-1005Core.job- c:\documents and settings\AEG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 02:07].2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-896780939-1988205787-443253394-1005UA.job- c:\documents and settings\AEG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 02:07]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sIE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to MobiPassword - c:\program files\Icom Consulting Inc\Mobipassword\PKLinksScript.htmIE: Address to MobiPassword - c:\program files\Icom Consulting Inc\Mobipassword\PKLinksScript1.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000Trusted Zone: citibank.comTrusted Zone: intuit.comTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comTCP: DhcpNameServer = 209.18.47.61 209.18.47.62FF - ProfilePath - c:\documents and settings\AEG\Application Data\Mozilla\Firefox\Profiles\xhuw7x3q.default\FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-08-02 22:32Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NAV]"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x** ]"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(548)c:\windows\system32\WININET.dllc:\program files\MozyHome\mozyshell.dllc:\program files\MozyHome\LIBEAY32.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Sandboxie\SbieSvc.exec:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exec:\program files\Connected\AgentSrv.EXEc:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\windows\system32\drivers\CDAC11BA.EXEc:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\MozyHome\mozybackup.exec:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exec:\windows\stsystra.exec:\windows\system32\rundll32.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exec:\program files\BOINC\boinc.exec:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exec:\windows\boinc.scrc:\program files\BOINC\boincscr.exe.**************************************************************************.Completion time: 2011-08-02 22:41:50 - machine was rebootedComboFix-quarantined-files.txt 2011-08-03 02:41ComboFix2.txt 2011-07-10 18:36.Pre-Run: 15,791,509,504 bytes freePost-Run: 15,776,899,072 bytes free.- - End Of File - - 7B4C08DEC63748917037E6A242CFFB18Ran DDS which produced dds.txt which is below:.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by AEG at 23:02:14 on 2011-08-02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.35 [GMT -4:00].AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exesvchost.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exesvchost.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\MozyHome\mozybackup.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\MSTMON_Q.EXEC:\Program Files\eFax Messenger 4.4\J2GDllCmd.exeC:\Program Files\BOINC\boincmgr.exeC:\Program Files\BOINC\boinctray.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Sandboxie\SbieCtrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\palmOne\Hotsync.exeC:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exeC:\Program Files\MozyHome\mozystat.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\BOINC\boinc.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\WINDOWS\system32\ctfmon.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%suURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLLBHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllBHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\12.0.742.122\npchrome_frame.dllBHO: PKIEhlpr Class: {ff32a4ce-e54d-11d3-9fb7-e3582b1bd44d} - c:\windows\system32\PKIEHLP2.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {C4069E3A-68F1-403E-B40E-20066696354B} - No FileTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No FileTB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [sigmatelSysTrayApp] stsystra.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [KONICA MINOLTA PagePro 1350WStatusDisplay] c:\windows\system32\MSTMON_Q.EXEmRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /RmRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /smRun: [boinctray] "c:\program files\boinc\boinctray.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostartmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_11\bin\jusched.exedRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\aeg\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\connected\CBSysTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exeIE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript.htmIE: Address to MobiPassword - c:\program files\icom consulting inc\mobipassword\PKLinksScript1.htmIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dllIE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dllTrusted Zone: citibank.comTrusted Zone: intuit.comTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CABDPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cabDPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204768226484DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cabDPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://sa.kaplan.com/prx/000/http/localhost/client_sec/ktpa/SodaAgent.CABTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{67EA944E-ED7F-47AE-873A-40602E5E9843} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\12.0.742.122\npchrome_frame.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/FF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_1.dllFF - plugin: c:\documents and settings\aeg\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\aeg\application data\mozilla\firefox\profiles\xhuw7x3q.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dllFF - plugin: c:\documents and settings\aeg\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-31 366640]R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110729.030\IDSXpx86.sys [2011-7-30 355256]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-31 22712]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110731.003\NAVENG.SYS [2011-7-31 86008]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110731.003\NAVEX15.SYS [2011-7-31 1542392]R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]S1 VET-FILT;VET File System Filter; [x]S1 VET-REC;VET File System Recognizer; [x]S1 VETEFILE;VET File Scan Engine; [x]S1 VETFDDNT;VET Floppy Boot Sector Monitor; [x]S1 VETMONNT;VET File Monitor; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe --> c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [?]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-23 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]S3 VETEBOOT;VET Boot Scan Engine; [x].=============== Created Last 30 ================.2011-08-03 02:00:32 -------- d-----w- C:\ComboFix2011-08-03 01:28:44 49265 ----a-w- c:\windows\system32\jpicpl32.cpl2011-07-31 21:45:53 -------- d-----w- c:\windows\system32\wbem\Logs2011-07-31 20:17:48 -------- d-----w- c:\documents and settings\aeg\local settings\application data\Temp2011-07-27 01:43:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-07-27 01:43:34 713016 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe2011-07-27 01:43:18 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-07-27 01:43:17 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-07-27 01:43:17 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-07-27 01:43:17 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-07-27 01:43:16 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-07-27 01:43:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll2011-07-27 01:43:12 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll2011-07-16 20:48:48 -------- d-----w- c:\program files\ESET2011-07-11 03:36:05 411352 ------w- c:\windows\system32\Vsflex6.ocx2011-07-10 17:45:46 -------- d-sha-r- C:\cmdcons2011-07-10 17:40:46 98816 ----a-w- c:\windows\sed.exe2011-07-10 17:40:46 518144 ----a-w- c:\windows\SWREG.exe2011-07-10 17:40:46 256000 ----a-w- c:\windows\PEV.exe2011-07-10 17:40:46 208896 ----a-w- c:\windows\MBR.exe.==================== Find3M ====================.2011-07-12 01:21:36 54776 ----a-w- c:\windows\system32\drivers\mozy.sys2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-26 00:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 23:03:19.79 ===============Thank you,AEG Link to post Share on other sites More sharing options...
Staff screen317 Posted August 4, 2011 Staff ID:461837 Share Posted August 4, 2011 Hi,Describe the issues you are currently experiencing, in detail.Are you currently connected through a router? Link to post Share on other sites More sharing options...
aeg Posted August 8, 2011 Author ID:463227 Share Posted August 8, 2011 Hi,Describe the issues you are currently experiencing, in detail.Are you currently connected through a router?Just the same thing as initially reported. MBAM will occaisionally (usually at least once a week) post that an outoing IP attack has been halted. I use a linksys wireless router, but the PC that is experiencing the problem is cabled to the router.Thanks,AEG Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2011 Staff ID:464451 Share Posted August 10, 2011 Run DDS again and post attach.txtIs it when visiting a specific site? Is it the same IP being blocked every time? Post a protection log.. Link to post Share on other sites More sharing options...
aeg Posted August 12, 2011 Author ID:464991 Share Posted August 12, 2011 Run DDS again and post attach.txtIs it when visiting a specific site? Is it the same IP being blocked every time? Post a protection log..Requested filed uploaded as zips. Not always the same outgoing IP address attack but the IP addresses do seem to repeat themselves. Not sure which website it was... haven't had an attack sinc 8/2.Thanks again,AEGattach.zipprotection-log.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted August 15, 2011 Staff ID:466002 Share Posted August 15, 2011 If you haven't had any alerts since 8/2, I think you're in good shape here. Are you currently experiencing any other issues? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 1, 2011 Staff ID:471438 Share Posted September 1, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 18, 2011 Staff ID:476993 Share Posted September 18, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts