Unable to remove malware


Please help. I cannot run any software that attempts to scan or clean the registry; Malwarebytes and GMER do not run.

Thank you for your help in advance!

Here is the DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Da Chief at 21:37:53 on 2011-07-26

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.651 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

uSearch Page =

mSearch Bar =

mSearchAssistant =

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {0AA6C63C-09D3-E5E7-0A8E-04F7B826233B} - No File

BHO: {23A77CDF-A00B-97AC-0C46-8F47AA1690AB} - No File

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {33A52CAA-E6B2-6BF5-6851-6B2529CEB91F} - No File

BHO: {38684DAB-CE7D-692F-F285-5CE5F24E21F4} - No File

BHO: {4FFA43FF-72B3-546D-9E16-73461949C216} - No File

BHO: {538ECC2F-29D9-9161-D485-51734843D8C5} - No File

BHO: {6D630876-786A-8F26-109F-C41B095EC5DC} - No File

BHO: {7429B660-821E-1F16-2AAC-597DCDB12248} - No File

BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

BHO: {7DA550B2-7C5D-9846-4100-3702AC47DCB4} - No File

BHO: {80D79146-9A94-94FC-2D86-344D3D04EE7A} - No File

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: {8D48267B-92A9-5684-83DC-0E47E94F8B80} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: {C147E648-9788-CC12-6EC4-B3F2FA7366D0} - No File

BHO: {C3F84830-18F3-1D3D-C769-86D58A213F17} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E29CD8F5-8770-88FC-7869-830FD4AAE7E4} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {fd36cb53-f43e-c115-ed98-e1f307c77fd6} - Class

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [Google Update] "c:\documents and settings\da chief\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [<NO NAME>]

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [tray_ico]

mRun: [tray_ico1]

mRun: [tray_ico2]

mRun: [tray_ico3]

mRun: [tray_ico4]

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv

mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: <NO NAME> =

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

LSP: mswsock.dll

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {10000000-1000-0000-1000-000000000000}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - hxxp://stream10k.redhotnetworks.com/cabs/videox.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289663415859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 208.67.222.222

TCP: Interfaces\{5CF3BE51-6AF6-44CB-BE3E-716AEACF4B28} : DhcpNameServer = 68.87.64.140

TCP: Interfaces\{A65E9A57-E5C3-406C-A1BF-D7848D03A58C} : DhcpNameServer = 68.87.64.196 68.87.66.196 68.42.44.6

TCP: Interfaces\{FACA92BF-8C92-4468-8385-3FC3AB1A456B} : DhcpNameServer = 208.67.222.222

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages =

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [?]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]

S2 N360;Norton Security Suite;"c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe" /s "n360" /m "c:\program files\norton security suite\engine\4.3.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton security suite\engine\4.3.0.5\ccSvcHst.exe [?]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-24 439632]

S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]

S2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]

S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\IDSxpx86.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-25 33792]

S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVENG.SYS [?]

S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVEX15.SYS [?]

S3 RioS35;RioS35S driver;c:\windows\system32\drivers\RioS35.sys [2003-11-24 12661]

S3 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]

S3 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]

S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-24 532224]

S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-2-11 388936]

S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?]

.

=============== Created Last 30 ================

.

2011-07-27 02:11:24 -------- d-----w- c:\program files\CCleaner

2011-07-27 01:23:26 -------- d-----w- c:\documents and settings\da chief\application data\Malwarebytes

2011-07-27 01:23:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-27 01:23:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-27 01:23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-27 01:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-27 01:07:00 -------- d-----w- c:\windows\ufa

2011-07-27 01:07:00 -------- d-----w- c:\windows\rpcminer

2011-07-27 01:07:00 -------- d-----w- c:\windows\phoenix

2011-07-27 00:44:07 261632 ----a-w- c:\windows\sysdriver32.exe

2011-07-25 04:20:39 -------- d--h--w- c:\windows\update.3

2011-07-25 02:22:30 -------- d-----w- C:\_OTM

2011-07-25 01:24:39 -------- d-----w- c:\documents and settings\da chief\application data\CheckPoint

2011-07-25 01:24:04 -------- d-----w- c:\program files\Conduit

2011-07-25 01:23:59 -------- d-----w- c:\documents and settings\da chief\local settings\application data\ZoneAlarm_Security

2011-07-25 01:23:58 -------- d-----w- c:\documents and settings\da chief\local settings\application data\Conduit

2011-07-25 01:23:56 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-07-25 01:23:01 -------- d-----w- c:\program files\CheckPoint

2011-07-25 01:22:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-07-25 01:22:45 -------- d-----w- c:\windows\system32\ZoneLabs

2011-07-25 01:22:42 -------- d-----w- c:\program files\Zone Labs

2011-07-25 00:54:08 388096 ----a-r- c:\documents and settings\da chief\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-24 20:17:20 -------- d-----w- c:\documents and settings\da chief\application data\WinPatrol

2011-07-24 20:17:03 -------- d-----w- c:\program files\BillP Studios

2011-07-24 20:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-07-24 19:36:38 -------- d-----w- c:\program files\Program

2011-07-24 19:14:36 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-07-24 19:14:36 -------- d-----w- c:\documents and settings\da chief\log

2011-07-24 19:13:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2011-07-24 19:04:04 -------- d-----w- c:\program files\Trend Micro

2011-07-24 18:40:27 118784 ----a-w- c:\windows\systemup.exe

2011-07-24 18:37:05 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-24 18:36:40 -------- d--h--w- c:\windows\update.5.0

2011-07-24 18:34:36 232960 ----a-w- c:\windows\l1rezerv.exe

2011-07-24 18:30:59 -------- d--h--w- c:\windows\update.2

2011-07-24 18:29:39 246272 ----a-w- c:\windows\unrar.exe

2011-07-24 17:48:47 -------- d-----w- c:\windows\av_ico

2011-07-24 17:48:19 256000 ----a-w- c:\windows\sysdriver32_.exe

2011-07-24 17:48:05 256000 ----a-w- c:\windows\sysdriver32.exe100000

2011-07-24 17:38:43 -------- d--h--w- c:\windows\update.1

2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0-lnk

2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0

2011-07-24 16:36:30 1174016 ----a-w- c:\windows\services32.exe

2011-06-28 18:10:35 -------- d-----w- c:\documents and settings\da chief\local settings\application data\CyberLink

.

==================== Find3M ====================

.

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2005-05-21 15:16:00 125855 -c----w- c:\program files\SBC Self Support Tool

.

============= FINISH: 21:39:35.53 ===============

attach.zip

  • Staff

Hello and welcome to Malwarebytes.

Please visit this webpage for instructions on running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thanks for the response!

I ran ComboFix and DDS again. The logs are below:

ComboFix 11-08-02.03 - Da Chief 08/02/2011 19:23:07.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -5:00]

Running from: c:\documents and settings\Da Chief\Desktop\ComboFix.exe

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Start Menu\Programs\System Security

c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Manual.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Uninstall Ad-Aware SE Personal.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\RegSupreme Pro.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\SBC Yahoo! Online Protection.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\Uninstall SBC Yahoo! Applications.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Readme.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Uninstall Zone Labs Security.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security Tutorial.lnk

c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security.lnk

c:\documents and settings\Da Chief\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\program files\Dynamic Toolbar

c:\program files\Dynamic Toolbar\DivX\DivX Bundle.log

c:\program files\Dynamic Toolbar\DivX\DivX Codec\config.exe

c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX help guide.url

c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX.com.url

c:\program files\Dynamic Toolbar\DivX\DivX Codec\LICENSE.TXT

c:\program files\Dynamic Toolbar\DivX\DivX Codec\mm.ico

c:\program files\Dynamic Toolbar\DivX\DivX Codec\README.txt

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX Player 2.1.exe

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX.com.url

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivXPlayer.dbf

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\LICENSE.TXT

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\README.txt

c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\Skins\Default.dps

c:\program files\INSTALL.LOG

c:\program files\messenger\msmsgsin.exe

c:\program files\MyWay

c:\windows\$NtUninstallKB44347$

c:\windows\$NtUninstallKB44347$\1623077498\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB44347$\1623077498\L\asobptkf

c:\windows\$NtUninstallKB44347$\1623077498\loader.tlb

c:\windows\$NtUninstallKB44347$\1623077498\U\$000000cf

c:\windows\$NtUninstallKB44347$\1623077498\U\@00000001

c:\windows\$NtUninstallKB44347$\1623077498\U\@000000c0

c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cb

c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cf

c:\windows\$NtUninstallKB44347$\1623077498\U\@80000000

c:\windows\$NtUninstallKB44347$\1623077498\U\@800000c0

c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cb

c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cf

c:\windows\$NtUninstallKB44347$\3096786832

c:\windows\btc_client_iplist.txt

c:\windows\ddh_iplist.txt

c:\windows\Fonts\acrsec.fon

c:\windows\Fonts\acrsecB.fon

c:\windows\Fonts\acrsecI.fon

c:\windows\front_ip_list.txt

c:\windows\geoiplist

c:\windows\geoiplist.rar

c:\windows\iecheck_iplist.txt

c:\windows\info1

c:\windows\iplist.txt

c:\windows\l1rezerv.exe

c:\windows\loader2.exe_ok

c:\windows\phoenix

c:\windows\phoenix.rar

c:\windows\phoenix\kernels\phatk\__init__.py

c:\windows\phoenix\kernels\phatk\BFIPatcher.py

c:\windows\phoenix\kernels\phatk\kernel.cl

c:\windows\phoenix\kernels\poclbm\__init__.py

c:\windows\phoenix\kernels\poclbm\BFIPatcher.py

c:\windows\phoenix\kernels\poclbm\kernel.cl

c:\windows\phoenix\phoenix.exe

c:\windows\proc_list1.log

c:\windows\rpcminer

c:\windows\rpcminer.rar

c:\windows\rpcminer\bitcoinminercuda_10.cubin

c:\windows\rpcminer\bitcoinminercuda_11.cubin

c:\windows\rpcminer\bitcoinminercuda_20.cubin

c:\windows\rpcminer\bitcoinmineropencl.cl

c:\windows\rpcminer\cudart32_32_16.dll

c:\windows\rpcminer\curllib.dll

c:\windows\rpcminer\libeay32.dll

c:\windows\rpcminer\libsasl.dll

c:\windows\rpcminer\openldap.dll

c:\windows\rpcminer\rpcminer-4way.exe

c:\windows\rpcminer\rpcminer-cpu.exe

c:\windows\rpcminer\rpcminer-cuda.exe

c:\windows\rpcminer\rpcminer-opencl.exe

c:\windows\rpcminer\ssleay32.dll

c:\windows\services32.exe

c:\windows\sysdriver32.exe

c:\windows\sysdriver32.exe100000

c:\windows\sysdriver32_.exe

c:\windows\system32\c_06904.nls

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\etc\HSTS~1

c:\windows\system32\rnaph.dll

c:\windows\systemup.exe

c:\windows\TEMP\7614684.exe

c:\windows\ufa.rar

c:\windows\update.1

c:\windows\update.1\svchost.exe

c:\windows\update.2

c:\windows\update.3

c:\windows\update.3\svchost.exe

c:\windows\update.5.0

c:\windows\w_distrib_iplist.txt

c:\windows\winlog-dirs.txt

c:\windows\winlog-ids.txt

.

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\SYSTEM32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Legacy_SRVBTCCLIENT

-------\Legacy_SRVIECHECK

-------\Legacy_SRVSYSDRIVER32

-------\Legacy_WXPDRIVERS

-------\Service_srvbtcclient

-------\Service_srviecheck

-------\Service_srvsysdriver32

-------\Service_wxpdrivers

.

.

((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))

.

.

2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys

2011-07-28 04:08 . 2011-07-28 04:08 -------- d-----w- c:\program files\CCleaner

2011-07-28 03:48 . 2011-07-28 03:48 388096 ----a-r- c:\documents and settings\Da Chief\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\Da Chief\Application Data\Malwarebytes

2011-07-27 01:23 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-27 01:23 . 2011-07-27 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-27 01:23 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-27 01:07 . 2011-07-27 01:07 -------- d-----w- c:\windows\ufa

2011-07-25 02:22 . 2011-07-25 02:22 -------- d-----w- C:\_OTM

2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Application Data\CheckPoint

2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\program files\Conduit

2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\ZoneAlarm_Security

2011-07-25 01:23 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\Conduit

2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\CheckPoint

2011-07-25 01:22 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-07-25 01:22 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-07-25 01:22 . 2011-07-25 01:24 -------- d-----w- c:\windows\system32\ZoneLabs

2011-07-25 01:22 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-07-25 01:22 . 2011-07-25 01:22 -------- d-----w- c:\program files\Zone Labs

2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\Da Chief\Application Data\WinPatrol

2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\program files\BillP Studios

2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2011-07-24 19:36 . 2011-07-28 03:47 -------- d-----w- c:\program files\Program

2011-07-24 19:14 . 2011-07-25 00:59 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-07-24 19:14 . 2011-07-24 19:14 -------- d-----w- c:\documents and settings\Da Chief\log

2011-07-24 19:13 . 2011-07-24 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2011-07-24 19:04 . 2011-07-24 19:10 -------- d-----w- c:\program files\Trend Micro

2011-07-24 18:37 . 2011-05-16 01:04 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-24 18:34 . 2011-07-24 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-07-24 18:29 . 2011-07-27 01:06 246272 ----a-w- c:\windows\unrar.exe

2011-07-24 17:48 . 2011-07-24 17:48 -------- d-----w- c:\windows\av_ico

2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0

2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0-lnk

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2010-10-09 18:38 1858944 ----a-w- c:\windows\system32\win32k.sys

2005-05-21 15:16 . 2005-10-26 02:25 125855 -c----w- c:\program files\SBC Self Support Tool

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-04 202256]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-08-04 136744]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableSecureUIAPaths"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk

backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

1 [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 18:28 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-05-27 19:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2007-11-16 19:20 91432 ----a-w- c:\program files\CyberLink\Shared files\brs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]

2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-10-11 17:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

2006-01-19 15:06 11776 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]

2001-07-25 15:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2003-10-06 20:16 49152 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 20:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-10-28 14:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

2011-03-18 06:24 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"DisableThumbnailCache"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/8/2010 1:13 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/8/2010 1:13 AM 173104]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/8/2010 1:13 AM 501888]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 10:25 AM 26872]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2011 8:23 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/26/2011 8:23 PM 22712]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [?]

S1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/8/2010 1:13 AM 116784]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 10:25 AM 488952]

S2 N360;Norton Security Suite;"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll" /prefetch:1 --> c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [?]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [7/24/2011 2:10 PM 439632]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2011 10:27 AM 105592]

S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [12/25/2010 4:38 PM 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664]

S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\SYSTEM32\DRIVERS\btblan.sys [12/25/2010 4:37 PM 33792]

S3 RioS35;RioS35S driver;c:\windows\SYSTEM32\DRIVERS\RioS35.sys [11/24/2003 7:52 PM 12661]

S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\Bulk504.sys --> c:\windows\system32\Drivers\Bulk504.sys [?]

S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2/11/2008 1:59 PM 388936]

S4 252AC355;252AC355;c:\windows\system32\503B02B6.EXE -k --> c:\windows\system32\503B02B6.EXE -k [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-08-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 23:49]

.

2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]

.

2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]

.

2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006Core.job

- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]

.

2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006UA.job

- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]

.

2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

mSearch Bar =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 208.67.222.222

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-tray_ico - (no file)

HKLM-Run-tray_ico1 - (no file)

HKLM-Run-tray_ico2 - (no file)

HKLM-Run-tray_ico3 - (no file)

HKLM-Run-tray_ico4 - (no file)

MSConfigStartUp-7614684 - c:\windows\TEMP\7614684.exe

MSConfigStartUp-DIGServices - c:\program files\ESPNRunTime\DIGServices.exe

MSConfigStartUp-DIGStream - c:\program files\DIGStream\digstream.exe

MSConfigStartUp-netoe - c:\windows\system32\netoe.exe

MSConfigStartUp-SemanticInsight - c:\program files\RXToolBar\Semantic Insight\SemanticInsight.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

AddRemove-N360 - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.3.0.5\InstStub.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-02 19:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\l3codeca.acm

.

- - - - - - - > 'explorer.exe'(1424)

c:\windows\system32\WININET.dll

c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\System32\ScsiAccess.EXE

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-08-02 19:55:06 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-03 00:55

.

Pre-Run: 3,061,145,600 bytes free

Post-Run: 3,271,102,464 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /SOS /noexecute=AlwaysOff

.

- - End Of File - - CE33AF61DAF86E5E619A6E50D352EF11

DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Da Chief at 20:09:13 on 2011-08-02

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.466 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\SupportSoft\bin\bcont.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

mSearch Bar =

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: <NO NAME> =

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289663415859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 208.67.222.222

TCP: Interfaces\{5CF3BE51-6AF6-44CB-BE3E-716AEACF4B28} : DhcpNameServer = 68.87.64.140

TCP: Interfaces\{A65E9A57-E5C3-406C-A1BF-D7848D03A58C} : DhcpNameServer = 68.87.64.196 68.87.66.196 68.42.44.6

TCP: Interfaces\{FACA92BF-8C92-4468-8385-3FC3AB1A456B} : DhcpNameServer = 208.67.222.222

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22712]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [?]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]

S2 N360;Norton Security Suite;"c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe" /s "n360" /m "c:\program files\norton security suite\engine\4.3.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton security suite\engine\4.3.0.5\ccSvcHst.exe [?]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-24 439632]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]

S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\IDSxpx86.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-25 33792]

S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVENG.SYS [?]

S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVEX15.SYS [?]

S3 RioS35;RioS35S driver;c:\windows\system32\drivers\RioS35.sys [2003-11-24 12661]

S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-24 532224]

S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-2-11 388936]

S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?]

.

=============== Created Last 30 ================

.

2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys

2011-08-03 00:09:17 -------- d-sha-r- C:\cmdcons

2011-08-03 00:06:59 98816 ----a-w- c:\windows\sed.exe

2011-08-03 00:06:59 518144 ----a-w- c:\windows\SWREG.exe

2011-08-03 00:06:59 256000 ----a-w- c:\windows\PEV.exe

2011-08-03 00:06:59 208896 ----a-w- c:\windows\MBR.exe

2011-07-28 04:08:48 -------- d-----w- c:\program files\CCleaner

2011-07-28 03:48:00 388096 ----a-r- c:\documents and settings\da chief\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-27 01:23:26 -------- d-----w- c:\documents and settings\da chief\application data\Malwarebytes

2011-07-27 01:23:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-27 01:23:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-27 01:23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-27 01:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-27 01:07:00 -------- d-----w- c:\windows\ufa

2011-07-25 02:22:30 -------- d-----w- C:\_OTM

2011-07-25 01:24:39 -------- d-----w- c:\documents and settings\da chief\application data\CheckPoint

2011-07-25 01:24:04 -------- d-----w- c:\program files\Conduit

2011-07-25 01:23:59 -------- d-----w- c:\documents and settings\da chief\local settings\application data\ZoneAlarm_Security

2011-07-25 01:23:58 -------- d-----w- c:\documents and settings\da chief\local settings\application data\Conduit

2011-07-25 01:23:56 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-07-25 01:23:01 -------- d-----w- c:\program files\CheckPoint

2011-07-25 01:22:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-07-25 01:22:45 -------- d-----w- c:\windows\system32\ZoneLabs

2011-07-25 01:22:42 -------- d-----w- c:\program files\Zone Labs

2011-07-24 20:17:20 -------- d-----w- c:\documents and settings\da chief\application data\WinPatrol

2011-07-24 20:17:03 -------- d-----w- c:\program files\BillP Studios

2011-07-24 20:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-07-24 19:36:38 -------- d-----w- c:\program files\Program

2011-07-24 19:14:36 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-07-24 19:14:36 -------- d-----w- c:\documents and settings\da chief\log

2011-07-24 19:13:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2011-07-24 19:04:04 -------- d-----w- c:\program files\Trend Micro

2011-07-24 18:37:05 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-24 18:29:39 246272 ----a-w- c:\windows\unrar.exe

2011-07-24 17:48:47 -------- d-----w- c:\windows\av_ico

2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0-lnk

2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0

.

==================== Find3M ====================

.

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2005-05-21 15:16:00 125855 -c----w- c:\program files\SBC Self Support Tool

.

============= FINISH: 20:09:44.92 ===============

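The `SERVICES / DRIVERS` block in the DDS log above is where the most telling entry sits: an S4 service named `252AC355` whose image is `c:\windows\system32\503B02B6.EXE -k`, a file DDS could not even stat (`[?]`). Reading several hundred of these lines by eye is error-prone, so here is an added triage script (not part of the original post, and not a tool the forum staff use) that parses that block's line format and scores each entry. The four sample lines are copied from the posted log; the scoring heuristics (eight-hex-digit names, temp/recycler paths, missing image file) and the two-signal threshold are assumptions of this example, not something DDS itself does. Note that `[?]` alone is a weak signal, since the posted log shows it on a defunct camera driver and on Norton definition drivers too, which is why it counts as only one signal here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: four lines in the format DDS prints under
# "SERVICES / DRIVERS", copied from the log posted above (a clean Symantec
# driver, the Malwarebytes service, a camera driver whose file is gone, and
# the S4 service with the eight-hex-digit name). Not the complete log.
SAMPLE = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 366640]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]
S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?]
"""

# Line shapes DDS emits:
#   <state> <name>;<display name>;<image path> [<date> <size>]
#   <state> <name>;<display name>;<raw path> --> <resolved path> [?]
LINE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
IMAGE_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|sys|dll))", re.I)
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.I)
SCRATCH_DIR_RE = re.compile(r"\\(?:temp|recycler|local settings\\temp)\\", re.I)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str          # lower-cased path of the executable or driver
    missing: bool       # DDS printed [?]: it could not read the file's date/size
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Scoring chosen for this example (an assumption, not a DDS feature):
        # two or more independent signals is "suspicious", one is "review".
        if len(self.reasons) >= 2:
            return "suspicious"
        return "review" if self.reasons else "ok"


def parse_line(line: str):
    """Parse one DDS service/driver line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    # When DDS could not open the file it repeats the resolved path after "-->".
    target = rest.split("-->", 1)[1] if "-->" in rest else rest
    im = IMAGE_RE.search(target)
    image = im.group(1).lower() if im else target.split("[", 1)[0].strip().lower()
    return ServiceEntry(
        state=m["state"],
        name=m["name"].strip(),
        display=m["display"].strip(),
        image=image,
        missing=rest.rstrip().endswith("[?]"),
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons an analyst would flag this entry for."""
    stem = entry.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX8_RE.match(entry.name):
        entry.reasons.append("service name is eight hex digits (auto-generated)")
    if HEX8_RE.match(stem):
        entry.reasons.append("image file name is eight hex digits")
    if SCRATCH_DIR_RE.search(entry.image):
        entry.reasons.append("image lives in a temp/recycler directory")
    if entry.missing:
        entry.reasons.append("DDS could not stat the image ([?])")
    return entry


def triage(text: str) -> list:
    """Parse every service/driver line in `text` and score each one."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [assess(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.state} {e.name:<12} {e.verdict:<10} {e.image}")
        for r in e.reasons:
            print(f"    - {r}")
```

You can feed the whole DDS log to `triage()`; lines outside the services section do not match `LINE_RE` and are dropped. On the sample, only the `252AC355` entry reaches "suspicious" (random service name, random image name, and a missing file), the Sunplus driver lands on "review" for the missing file alone, and the Symantec and Malwarebytes entries come back "ok".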

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thanks for the continued help!

I ran the scanner and it looks as though there were some infected files that could not be deleted. I posted the scanner log and the security check log; let me know what else I can do.

Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=bc33789e5679ff4a9a25f1b6c46b189b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-05 04:28:39

# local_time=2011-08-04 11:28:39 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 892792 892792 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 66 35020 11164317 0 0

# scanned=94514

# found=30

# cleaned=18

# scan_time=4735

C:\Documents and Settings\Da Chief\Application Data\WinPatrol\HOSTS Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Webroot\Washer\WasherSvc.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\l1rezerv.exe.vir Win32/TrojanDownloader.Delf.QSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\services32.exe.vir a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe.vir a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe100000.vir a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32_.exe.vir a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\systemup.exe.vir probably a variant of Win32/TrojanDownloader.Delf.QQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir a variant of Win32/Sirefef.CO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\update.1\svchost.exe.vir a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\update.3\svchost.exe.vir a variant of Win32/TrojanDownloader.Delf.QRH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\SYSTEM32\nvsvc32.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\ScsiAccess.EXE Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\ufa\ufa.exe a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\update.tray-10-0\svchost.exe a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\update.tray-10-0-lnk\svchost.exe a variant of Win32/Kryptik.QSI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I

Here is the security check log:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

ZoneAlarm

ZoneAlarm Toolbar

Trend Micro RUBotted 2.0 Beta

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Driver Cleaner 3

Java Web Start

Java 6 Update 26

Java 2 Runtime Environment, SE v1.4.1_02

Flash Player Out of Date!

Adobe Flash Player 10.1.102.64

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

WinPatrol winpatrol.exe

Malwarebytes' Anti-Malware mbamservice.exe

BillP Studios WinPatrol winpatrol.exe

``````````End of Log````````````


  • Staff

Looks like you have a file infector on board.

Are any programs not currently working?

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java Web Start

Java 2 Runtime Environment, SE v1.4.1_02

Adobe Flash Player 10.1.102.64

Restart your computer.

Get the latest version of Adobe Flash Player.

Let me know how things are running now and what issues remain.

-screen317

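The "file infector" call above rests on a pattern in the ESET log: one detection, Win32/Patched.HN, landing on a dozen unrelated, legitimate service executables (Java, iTunes, Malwarebytes, Windows Live, the NVIDIA service), most of them with "error while cleaning", plus a hit in memory. The following is an added example, not code from this thread or from ESET, that pulls that pattern out of the log mechanically. It assumes the result-line layout visible in the log (path, detection name, optional parenthesised action, a 32-hex-digit hash, then a one-letter status, where the lines above pair C with cleaned objects and I with objects still infected); the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few header and result lines copied from the ESET Online
# Scanner log posted above; paths and detection names are the thread's own.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# found=30
# cleaned=18
C:\Documents and Settings\Da Chief\Application Data\WinPatrol\HOSTS Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\systemup.exe.vir probably a variant of Win32/TrojanDownloader.Delf.QQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ufa\ufa.exe a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
"""

# Assumed layout of one result line (inferred from the log, not an ESET spec):
#   <path> <detection ...> [(<action>)] <32 hex digits> <status letter>
# The path is matched lazily; the detection starts at the first "Family/Name"
# token, optionally preceded by "a variant of" / "probably a variant of".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: \S+)*?)"
    r"(?:\s+\((?P<action>[^()]*)\))?"
    r"\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<status>[A-Z])$"
)


def parse_eset_log(text):
    """Return (header, records): header holds the '# key=value' counters,
    records the per-object result lines as dicts; other chatter is skipped."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return header, records


def triage(records):
    """Group hits by detection name and keep the objects left uncleaned (status I)."""
    summary = defaultdict(lambda: {"hits": 0, "unresolved": []})
    for r in records:
        entry = summary[r["threat"]]
        entry["hits"] += 1
        if r["status"] == "I":
            entry["unresolved"].append(r["path"])
    return dict(summary)


def suspected_file_infectors(summary, min_hosts=3):
    """A 'Patched' detection on several unrelated executables, most of which the
    scanner could not repair in place, is the footprint of a file infector.
    Returns the detection names that show that footprint."""
    return [
        threat
        for threat, entry in summary.items()
        if "/patched" in threat.lower() and entry["hits"] >= min_hosts
    ]


def cleanup_gap(header):
    """Objects found but not cleaned, from the scanner's own counters."""
    return int(header.get("found", 0)) - int(header.get("cleaned", 0))


if __name__ == "__main__":
    hdr, recs = parse_eset_log(SAMPLE_LOG)
    summ = triage(recs)
    print(f"{len(recs)} result lines; {cleanup_gap(hdr)} objects left uncleaned per header")
    for threat in suspected_file_infectors(summ):
        print(f"file infector suspected: {threat}; hosts still infected:")
        for path in summ[threat]["unresolved"]:
            print("   ", path)
```

The point of the "unresolved" list is the one a helper acts on: every path in it is a third-party service binary that was patched rather than dropped, so deleting or quarantining it removes a legitimate program while leaving the infector free to re-patch whatever is reinstalled; those entries are the ones to address with a dedicated disinfection tool or by replacing the binaries from clean media, which is why the thread moves to a second scanner rather than to manual deletion.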

I am having trouble with virus scan software but other programs seem to be less sluggish. I appreciate the help, let me know what else I can do.

I did a quick scan first, then full scan... here are the reports:

Scanning Report

Thursday, August 11, 2011 21:00:01 - 21:23:28

Computer name: DA_PC

Scanning type: Quick scan

Target: System

8 malware found

Trojan.Generic.6104246 (spyware)

System (Disinfected)

Trojan.Generic.6106632 (spyware)

System (Disinfected)

Application.Dialer.INF (spyware)

System (Not cleaned)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

Trojan.Generic.6177083 (spyware)

System (Disinfected)

Trojan.Generic.6129073 (spyware)

System (Disinfected)

Trojan.Generic.1709709 (spyware)

System (Disinfected)

Trojan.Patched.HE (spyware)

System (Disinfected)

Statistics

Scanned:

Files: 6903

System: 6903

Not scanned: 0

Actions:

Disinfected: 7

Renamed: 0

Deleted: 0

Not cleaned: 1

Submitted: 0

Options

Scanning engines:

Full Scan Report:

Scanning Report

Friday, August 12, 2011 17:25:55 - 20:17:34

Computer name: DA_PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ H:\

1 malware found

Application.Dialer.INF (spyware)

System (Not cleaned)

Statistics

Scanned:

Files: 110049

System: 5038

Not scanned: 36

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

Not cleaned: 1

Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\ASSEMBLY\GAC_MSIL\

C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

C:\PROGRAM FILES\SEAGATE\BASICS\SERVICE\SYNCSERVICESBASICS.EXE

C:\PROGRAM FILES\PROGRAM\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

C:\PROGRAM FILES\PROGRAM\NEW\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

C:\PROGRAM FILES\PROGRAM\NEW2\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\FIREFOX.EXE

C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\ISWSVC.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\MY DOCUMENTS\DOWNLOADS\CWSHREDDER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\MY DOCUMENTS\DOWNLOADS\OTM.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\ETILQS_AKJEL09VBNSVXNF

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\ETILQS_JEIT2ETSDJP2BPE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 3 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 5 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 4 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 1 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 2 FOR ROOTKITBUSTER_3.60.1016.ZIP\ROOTKITBUSTER.EXE

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\HSPERFDATA_DA CHIEF\1220

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\TEMP\HSPERFDATA_DA CHIEF\700

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3

C:\DOCUMENTS AND SETTINGS\DA CHIEF\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX

C:\DOCUMENTS AND SETTINGS\DA CHIEF\DESKTOP\0J9V3V06.EXE

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics


  • Staff

Hi,

My apologies for the delay. Not sure how I missed this topic.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
