
Google redirect and outbound connections



Good evening!

For about a week I've been getting some (not all) of my Google search results redirected to random other search sites, as well as pop-ups from Malwarebytes that outbound connections have been blocked from different sites - one being 91.217.153.48 (if that matters). Also, Norton keeps notifying me that msrepl4032.dll (Trojan Horse) was detected by Auto-Protect - a file which I can't actually locate on the machine.

Malwarebytes log is below. DDS log follows.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7539

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

8/22/2011 9:36:30 PM

mbam-log-2011-08-22 (21-36-30).txt

Scan type: Quick scan

Objects scanned: 185605

Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


DDS Text file

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15

Run by robyn davidson at 21:38:49 on 2011-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\windows\System32\WLTRYSVC.EXE

C:\windows\System32\bcmwltry.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\windows\system32\sxs32.exe

C:\windows\System32\snmp.exe

svchost.exe

C:\windows\system32\rdpdd32.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\windows\system32\dllhost.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = <local>;*.local

BHO: {05e09440-59cd-4a2f-9724-ec650dca4a81} - c:\windows\system32\atikvmag32.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184275358437

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E0412ADD-FCAC-4E0C-98B9-B34B89AA163B} : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\windows\system32\msrepl4032.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\robyn davidson\application data\mozilla\firefox\profiles\uy4h1i8q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn_2011_7_1_3\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\robyn davidson\application data\mozilla\firefox\profiles\uy4h1i8q.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll

FF - plugin: c:\documents and settings\robyn davidson\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\robyn davidson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: XUL Cache: {7b996a84-fd25-413c-922c-d47fe6172bba} - %profile%\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}

FF - Ext: XUL Cache: {60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6} - %profile%\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn_2011_7_1_3

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-28 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-28 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-28 136312]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-13 366640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008]

R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110819.030\IDSXpx86.sys [2011-8-21 355256]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-13 22712]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110822.004\NAVENG.SYS [2011-8-22 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110822.004\NAVEX15.SYS [2011-8-22 1576312]

S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-13 41272]

S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [2007-7-4 89264]

.

=============== Created Last 30 ================

.

2011-08-23 01:24:16 -------- d-----w- c:\documents and settings\robyn davidson\application data\vmntemplate

2011-08-23 00:01:47 0 ---ha-w- c:\documents and settings\robyn davidson\qbgnmtbsph.tmp

2011-08-22 23:13:57 98816 ----a-w- c:\windows\sed.exe

2011-08-22 23:13:57 518144 ----a-w- c:\windows\SWREG.exe

2011-08-22 23:13:57 256000 ----a-w- c:\windows\PEV.exe

2011-08-22 23:13:57 208896 ----a-w- c:\windows\MBR.exe

2011-08-18 00:06:04 -------- d-----w- c:\program files\iPod

2011-08-17 23:58:29 -------- d-----w- c:\program files\Bonjour

2011-08-17 22:43:49 -------- d-----w- C:\_OTM

2011-08-16 23:12:20 -------- d-----w- C:\N360_BACKUP

2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe

2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe

2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll

.

==================== Find3M ====================

.

2011-08-11 23:11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-05-28 18:22:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-28 18:22:07 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

============= FINISH: 21:39:46.60 ===============

Attach text file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/22/2007 9:51:57 PM

System Uptime: 8/22/2011 9:21:26 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0XD720

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 988/133mhz

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 988/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 54 GiB total, 2.891 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP617: 8/17/2011 10:50:05 PM - System Checkpoint

RP618: 8/21/2011 9:30:01 PM - Norton 360 Registry Clean

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 8.1.2

Adobe Shockwave Player

AIM 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

AudioShell 1.3.5

BeatScanner 1.41

Bonjour

Broadcom 440x 10/100 Integrated Controller

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator 3.0

Canon MP160

Canon MP160 User Registration

Canon My Printer

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Dell ResourceCD

Dell Wireless WLAN Card

Easy-WebPrint

EasyZip

ERUNT 1.1j

Exact Audio Copy 0.95b4

Final Draft 6

Freecorder 5

Freecorder Toolbar

GearDrvs

GemMaster Mystic

GIMP 2.6.11

Google Chrome

Google Earth

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB914642)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

IKEA Home Planner

iTunes

J2SE Runtime Environment 5.0 Update 11

Java 6 Update 15

Java 6 Update 2

Java 6 Update 5

Java SE Runtime Environment 6 Update 1

Last.fm 1.5.4.27091

LG USB Modem driver

LimeWire 4.14.8

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

mkw Audio Compression Toolkit

MobileMe Control Panel

Mozilla Firefox (3.6.17)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MusicBrainz Picard 0.7.2

Norton 360

Otto

PopCap Browser Plugin

PowerDVD 5.7

QuickTime

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917537)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926247)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939373)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942830)

Security Update for Windows XP (KB942831)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Shareaza 2.3.1.0

SigmaTel Audio

Skype Toolbars

Skype™ 4.2

Sonic Encoders

Sonic Foundry Sound Forge 6.0d

Sonic Update Manager

Sound Blaster ADVANCED MB Drivers

Spybot - Search & Destroy

Symantec Technical Support Web Controls

tagtraum industries beaTunes 1.2.1

Unity Web Player

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

WebFldrs XP

WIDCOMM Bluetooth Software

Winamp (remove only)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Hotfix - KB839210

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885855

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Media Center Edition 2005 KB908250

Windows XP Service Pack 3

XPMedic

Xvid 1.1.3 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

8/22/2011 9:23:53 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa246.

8/21/2011 8:42:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

8/21/2011 8:34:56 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0016CF20913F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

8/21/2011 10:25:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

8/17/2011 7:02:06 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 7:02:06 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:53 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7034] - The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:52 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

8/17/2011 6:43:52 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.

8/17/2011 6:43:51 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:51 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

8/17/2011 6:43:51 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/17/2011 6:43:51 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/17/2011 6:43:50 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

8/16/2011 9:47:49 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

8/16/2011 9:30:22 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 6 time(s).

8/16/2011 7:36:42 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 5 time(s).

8/16/2011 7:14:46 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 4 time(s).

8/16/2011 7:03:27 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 3 time(s).

8/16/2011 7:02:55 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 2 time(s).

8/16/2011 7:02:46 PM, error: Service Control Manager [7034] - The NT LM Security Support Provider service terminated unexpectedly. It has done this 1 time(s).

8/15/2011 6:52:27 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/15/2011 6:48:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 0016CF20913F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

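Before running any cleanup tool it helps to pull the autostart indicators out of the DDS report above in one pass. The following Python script is an added example for this thread, not code from the original post, from Malwarebytes or from the DDS tool. Its four heuristics are the example's own assumptions: any AppInit_DLLs entry; a BHO registered with no display name; a service whose display name borrows that of a real Windows service (the KNOWN_SERVICE_HOSTS table is an assumption of the example) but whose image is not the expected binary; and a burst of files created in system32 within seconds of each other. The sample lines are a subset copied from the log above plus one benign control line.

```python
"""Triage helpers for the autostart and file-creation lines of a DDS log.

Added example for this thread, not the forum's, Malwarebytes' or DDS's
own code. The heuristics and the KNOWN_SERVICE_HOSTS table are this
example's assumptions; SAMPLE_DDS is a constructed subset of the log
posted above plus one benign line (mbam.sys).
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS report above.
SAMPLE_DDS = r"""
BHO: {05e09440-59cd-4a2f-9724-ec650dca4a81} - c:\windows\system32\atikvmag32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
AppInit_DLLs: c:\windows\system32\msrepl4032.dll
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008]
R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560]
2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe
2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe
2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# DDS line formats as they appear in the report above.
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) \S+ (?P<path>.+)$")

# Assumption of this example: display names of real Windows XP services and
# the image that hosts them. A service reusing such a name with a different
# image is worth a closer look.
KNOWN_SERVICE_HOSTS = {
    "nt lm security support provider": "lsass.exe",
}


def triage_dds(text, burst_window=timedelta(seconds=120)):
    """Return a list of (kind, detail) findings for the DDS lines in text."""
    findings = []
    created = []  # (timestamp, size, path) for files under system32
    for raw in text.splitlines():
        line = raw.strip()
        if (m := APPINIT_RE.match(line)):
            # AppInit_DLLs loads the DLL into every process that maps
            # user32.dll, so any entry deserves review.
            findings.append(("appinit_dll", m["value"]))
        elif (m := BHO_RE.match(line)):
            if m["name"] is None:
                # Commercial BHOs register a display name; a bare CLSID does not.
                findings.append(("nameless_bho", m["path"]))
        elif (m := SERVICE_RE.match(line)):
            expected = KNOWN_SERVICE_HOSTS.get(m["display"].strip().lower())
            image = m["path"].rsplit("\\", 1)[-1].lower()
            if expected and image != expected:
                findings.append(("service_name_mimic",
                                 f"{m['name']} -> {m['path']} (expected {expected})"))
        elif (m := CREATED_RE.match(line)):
            if "\\system32\\" in m["path"].lower():
                created.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                int(m["size"]), m["path"]))

    # Several binaries landing in system32 within a short window (here some
    # with identical sizes) is a typical dropper footprint.
    created.sort()
    burst = []
    for entry in created:
        if burst and entry[0] - burst[-1][0] > burst_window:
            if len(burst) > 1:
                findings.append(("creation_burst", _describe(burst)))
            burst = []
        burst.append(entry)
    if len(burst) > 1:
        findings.append(("creation_burst", _describe(burst)))
    return findings


def _describe(entries):
    return "; ".join(f"{p} ({s} bytes)" for _, s, p in entries)


if __name__ == "__main__":
    for kind, detail in triage_dds(SAMPLE_DDS):
        print(f"{kind:20} {detail}")
```

Run against the sample it reports the AppInit_DLLs load of msrepl4032.dll (the file Norton keeps flagging), the unnamed BHO atikvmag32.dll, the NtLmSsp32 service running sxs32.exe under the display name of the real NT LM Security Support Provider, and the three files written to system32 within 40 seconds on 2011-08-16, two of them exactly 706560 bytes. These are indicators to confirm, not verdicts: hash the files and compare against the vendor detections before deleting anything, since DDS only records what the registry and file system say.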

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7573

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

8/25/2011 11:51:37 PM

mbam-log-2011-08-25 (23-51-37).txt

Scan type: Quick scan

Objects scanned: 186536

Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ComboFix 11-08-25.05 - robyn davidson 08/26/2011 1:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -4:00]

Running from: c:\documents and settings\robyn davidson\My Documents\My Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js

c:\documents and settings\anyone else\Application Data\Mozilla\Firefox\Profiles\4islxgnf.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js

c:\documents and settings\patrick\Application Data\Mozilla\Firefox\Profiles\9g0g61tc.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome.manifest

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\chrome\xulcache.jar

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\defaults\preferences\xulcache.js

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{35c422f3-5093-4c02-8a49-d1af6d3b87cc}\install.rdf

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome.manifest

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\chrome\xulcache.jar

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\defaults\preferences\xulcache.js

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{4303cc2f-1d80-420e-96df-dfc2a1118d4e}\install.rdf

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome.manifest

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\chrome\xulcache.jar

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\defaults\preferences\xulcache.js

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{60ad7f0c-34ac-49cc-b8b9-7cc44d7976f6}\install.rdf

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome.manifest

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\chrome\xulcache.jar

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\defaults\preferences\xulcache.js

c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\extensions\{7b996a84-fd25-413c-922c-d47fe6172bba}\install.rdf

c:\documents and settings\robyn davidson\qbgnmtbsph.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))

.

.

2011-08-23 01:24 . 2011-08-23 01:24 -------- d-----w- c:\documents and settings\robyn davidson\Application Data\vmntemplate

2011-08-18 00:06 . 2011-08-18 00:06 -------- d-----w- c:\program files\iPod

2011-08-17 23:58 . 2011-08-17 23:58 -------- d-----w- c:\program files\Bonjour

2011-08-17 23:46 . 2011-08-17 23:46 -------- d-----w- c:\program files\Apple Software Update

2011-08-17 22:43 . 2011-08-17 22:43 -------- d-----w- C:\_OTM

2011-08-17 22:38 . 2011-08-17 22:39 -------- d-----w- c:\program files\ERUNT

2011-08-16 23:12 . 2011-08-16 23:12 -------- d-----w- C:\N360_BACKUP

2011-08-16 02:51 . 2011-08-16 02:50 706560 ----a-w- c:\windows\system32\rdpdd32.exe

2011-08-16 02:51 . 2011-08-16 02:50 706560 ----a-w- c:\windows\system32\sxs32.exe

2011-08-16 02:51 . 2011-08-16 02:51 328704 ----a-w- c:\windows\system32\atikvmag32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-11 23:11 . 2011-06-26 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 23:52 . 2010-02-14 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-02-14 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-05-28 18:22 . 2011-05-28 18:22 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-28 18:22 . 2011-05-28 18:22 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-04-01 02:47 . 2008-08-26 01:11 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-22_23.34.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-26 03:37 . 2011-08-26 03:37 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat

+ 2011-08-26 03:37 . 2011-08-26 03:37 16384 c:\windows\Temp\Perflib_Perfdata_284.dat

+ 2011-08-26 03:39 . 2011-08-26 03:39 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat

+ 2007-06-23 03:38 . 2011-08-26 03:37 214755 c:\windows\system32\inetsrv\MetaBase.bin

+ 2011-08-26 03:39 . 2011-08-26 03:39 262144 c:\windows\ERDNT\AutoBackup\8-25-2011\Users\00000002\UsrClass.dat

+ 2011-08-26 03:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-25-2011\ERDNT.EXE

+ 2011-08-26 03:39 . 2011-08-26 03:39 9236480 c:\windows\ERDNT\AutoBackup\8-25-2011\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05E09440-59CD-4A2F-9724-EC650DCA4A81}]

2011-08-16 02:51 328704 ----a-w- c:\windows\system32\atikvmag32.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]

2011-03-16 11:59 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920]

.

[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

c:\documents and settings\robyn davidson\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-11 113664]

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/28/2011 2:21 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/28/2011 2:21 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 8:17 PM 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/28/2011 2:21 PM 136312]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2010 10:42 PM 366640]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/28/2011 2:21 PM 130008]

R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [8/15/2011 10:51 PM 706560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 6:13 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110819.030\IDSXpx86.sys [8/21/2011 8:57 PM 355256]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2010 10:42 PM 22712]

S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/13/2010 10:42 PM 41272]

S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [7/4/2007 1:41 PM 89264]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-813497703-2146900839-1003Core.job

- c:\documents and settings\robyn davidson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-26 16:16]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-813497703-2146900839-1003UA.job

- c:\documents and settings\robyn davidson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-26 16:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\robyn davidson\Application Data\Mozilla\Firefox\Profiles\uy4h1i8q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-26 01:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-08-26 01:38:12

ComboFix-quarantined-files.txt 2011-08-26 05:37

ComboFix2.txt 2011-08-22 23:49

.

Pre-Run: 2,834,919,424 bytes free

Post-Run: 2,823,225,344 bytes free

.

- - End Of File - - 8C180A29BB2B3A3EF38A5E877B7D9F72


I'm sorry for the delay! I couldn't get DDS to run, for some reason, and we had to evacuate for Irene.

My DDS logs are below.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15

Run by robyn davidson at 15:22:44 on 2011-08-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.190 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\windows\System32\WLTRYSVC.EXE

C:\windows\System32\bcmwltry.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\windows\system32\sxs32.exe

C:\windows\System32\snmp.exe

svchost.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\rdpdd32.exe

C:\windows\system32\dllhost.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\MsiExec.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = <local>;*.local

BHO: {05e09440-59cd-4a2f-9724-ec650dca4a81} - c:\windows\system32\atikvmag32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\robynd~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184275358437

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E0412ADD-FCAC-4E0C-98B9-B34B89AA163B} : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-28 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-28 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-28 136312]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-13 366640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008]

R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110824.030\IDSXpx86.sys [2011-8-4 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-13 22712]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110825.032\NAVENG.SYS [2011-8-26 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110825.032\NAVEX15.SYS [2011-8-26 1576312]

S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-13 41272]

S4 Tcpsic;Tcpsic;c:\windows\system32\drivers\DRVMCDB.SYS [2007-7-4 89264]

.

=============== Created Last 30 ================

.

2011-08-26 05:43:45 0 ---ha-w- c:\documents and settings\robyn davidson\qbgnmtbsph.tmp

2011-08-23 02:06:05 -------- d-sha-r- C:\cmdcons

2011-08-23 02:05:49 -------- d-----w- c:\windows\setupupd

2011-08-23 02:01:09 -------- d-----w- c:\windows\setup.pss

2011-08-23 01:24:16 -------- d-----w- c:\documents and settings\robyn davidson\application data\vmntemplate

2011-08-22 23:13:57 98816 ----a-w- c:\windows\sed.exe

2011-08-22 23:13:57 518144 ----a-w- c:\windows\SWREG.exe

2011-08-22 23:13:57 256000 ----a-w- c:\windows\PEV.exe

2011-08-22 23:13:57 208896 ----a-w- c:\windows\MBR.exe

2011-08-18 00:06:04 -------- d-----w- c:\program files\iPod

2011-08-17 23:58:29 -------- d-----w- c:\program files\Bonjour

2011-08-17 22:43:49 -------- d-----w- C:\_OTM

2011-08-16 23:12:20 -------- d-----w- C:\N360_BACKUP

2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe

2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe

2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll

.

==================== Find3M ====================

.

2011-08-11 23:11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 15:26:16.42 ===============

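Added example (written for this page; it is not code from the original post, from DDS or from ComboFix): a small Python triage script that parses the SERVICES / DRIVERS and Created Last 30 sections of a DDS log like the one above and applies three heuristics: a running service whose image sits directly in system32 and also appears in the last-30-days file list, two freshly created files of identical size written seconds apart, and a service carrying a built-in Windows component's display name but running from a different image. The input lines are copied from the log posted above, with benign Norton, Bonjour and ComboFix-helper entries kept so the rules have something to ignore. The table of built-in display names and their host images is an assumption for the example with a single XP entry filled in; extend it from a known-clean machine of the same build. The rules are for deciding what to look at first, not verdicts.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input copied from the DDS log posted above; benign entries are kept so
# the rules have something to leave alone. Raw strings keep the backslashes.
SERVICES_SECTION = r"""
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-28 130008]
R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\sxs32.exe [2011-8-15 706560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-13 22712]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
"""
CREATED_SECTION = r"""
2011-08-22 23:13:57 98816 ----a-w- c:\windows\sed.exe
2011-08-22 23:13:57 518144 ----a-w- c:\windows\SWREG.exe
2011-08-17 23:58:29 -------- d-----w- c:\program files\Bonjour
2011-08-16 02:51:43 706560 ----a-w- c:\windows\system32\rdpdd32.exe
2011-08-16 02:51:23 706560 ----a-w- c:\windows\system32\sxs32.exe
2011-08-16 02:51:06 328704 ----a-w- c:\windows\system32\atikvmag32.dll
"""
# "R2 Name;Display;path [YYYY-M-D size]" or "S3 Name;Display;expected --> actual [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# "YYYY-MM-DD HH:MM:SS size-or-dashes attrs path"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Built-in XP service display names and the image that really hosts them (assumed table).
BUILTIN_DISPLAY_NAMES = {"nt lm security support provider": "lsass.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_services(text):
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        missing = meta.strip() == "?"        # "[?]": DDS could not find the file on disk
        if " --> " in path:                  # keep the path DDS actually looked for
            path = path.split(" --> ")[-1]
        services.append({"state": state, "start": int(start), "name": name,
                         "display": display.strip(), "path": path.lower(),
                         "size": None if missing else int(meta.split()[-1]),
                         "missing": missing})
    return services


def parse_created(text):
    created = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        created.append({"when": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
                        "size": None if size.startswith("-") else int(size),
                        "is_dir": attrs.startswith("d"), "path": path.lower()})
    return created


def recent_system32_services(services, created):
    """Running services whose image sits directly in system32 and shows up in Created Last 30."""
    recent = {basename(c["path"]): c for c in created if not c["is_dir"]}
    hits = []
    for s in services:
        if s["state"] != "R" or s["missing"]:
            continue
        directory, _, filename = s["path"].rpartition("\\")
        if directory + "\\" == SYSTEM32 and filename in recent:
            hits.append((s["name"], filename, recent[filename]["when"]))
    return hits


def size_twins(created, window_seconds=300):
    """Files of identical non-zero size created within window_seconds: one payload, two names."""
    by_size = defaultdict(list)
    for c in created:
        if c["size"]:
            by_size[c["size"]].append(c)
    hits = []
    for size, group in by_size.items():
        group.sort(key=lambda c: c["when"])
        for a, b in zip(group, group[1:]):
            if (b["when"] - a["when"]).total_seconds() <= window_seconds:
                hits.append((size, basename(a["path"]), basename(b["path"])))
    return hits


def mimicked_builtins(services):
    """Services that reuse a built-in component's display name from another image."""
    hits = []
    for s in services:
        expected = BUILTIN_DISPLAY_NAMES.get(s["display"].lower())
        if expected and basename(s["path"]) != expected:
            hits.append((s["name"], s["display"], basename(s["path"])))
    return hits


def triage(services_text, created_text):
    services, created = parse_services(services_text), parse_created(created_text)
    return {"recent_system32_services": recent_system32_services(services, created),
            "size_twins": size_twins(created),
            "mimicked_builtins": mimicked_builtins(services)}
```

Calling triage(SERVICES_SECTION, CREATED_SECTION) returns one list of hits per rule. On the sample lines all three rules point at the same sxs32.exe entry (and its same-size neighbour rdpdd32.exe), which is the kind of corroboration to look for before deciding which entries a removal tool should be aimed at; a single rule firing on its own is only a prompt to check hashes and signatures.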

  • Staff

Hi,

Please download this file and save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

