Jump to content

Recommended Posts

my google chrome was acting up and I was wondering why so I looked on some google forum and they say that a folder called spigot was the problem sure enough in common files there the spigot folder was I tryed to delete it but it wouldn't delete so I deleted everything in the folder but this " searchsettings.exe " did not delete, so I tryed to become the amdin of the folder to delete it but then somehow the folder is now "creator owner" and the searchsettings.exe is gone but my google chrome is still messed up and everytime I try to take control of the folder I got an error. Can someone please help.

Link to post
Share on other sites

Hello brandonc! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

Before beginning, please follow the instructions in this thread: I'm infected - What do I do now? and when you are ready, post the log files.

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29

Run by Owner at 22:46:26 on 2011-11-15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1282 [GMT -5:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://comcast.net/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;*.mail.yahoo.com;*.aolcdn.com;*.yimg.com;<local>;*.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\hypercam toolbar\tbhelper.dll

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: MRI_DISABLED - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll

BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll

TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\toolbar.dll

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll

TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll

TB: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No File

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [Wisdom-soft ScreenHunter 5.1 Pro] 0

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start

mRun: [TrayServer] "c:\program files\magix\movies on dvd 7\TrayServer.exe"

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228

IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 68.87.64.150 68.87.75.198

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p6imer7w.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 7900

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p6imer7w.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p6imer7w.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.5.dll

FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p6imer7w.default\extensions\{7000b6ca-4388-4d95-893d-6659c2d4d1ce}\components\dtTransparency3.6.dll

FF - plugin: c:\program files\funwebproducts\installr\4.bin\NPFUNWEB.DLL

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p6imer7w.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20111115.030\IDSvix86.sys [2011-11-15 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1206000.01d\symtdiv.sys [2011-5-2 331384]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-12 366152]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-12 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]

S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2010-2-20 544768]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-15 21:31:48 -------- d-----w- c:\users\owner\appdata\local\Apple Computer

2011-11-14 05:57:49 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

2011-11-14 05:57:39 -------- d-----w- c:\program files\Microsoft XNA

2011-11-13 17:52:42 -------- d-sh--w- C:\AI_RecycleBin

2011-11-12 23:08:01 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2011-11-12 23:07:41 -------- d-----w- c:\programdata\Malwarebytes

2011-11-12 23:07:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 23:07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-10 05:09:45 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-11-10 05:09:45 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-11-10 05:09:45 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-11-10 05:09:45 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-11-10 05:09:45 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2011-11-08 22:01:41 -------- d-----w- c:\program files\Spigot Removal Tool

2011-11-08 21:00:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-11-08 21:00:08 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 21:00:06 707584 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-08 06:59:16 -------- d-----w- c:\users\owner\appdata\local\Adobe

2011-11-07 22:44:29 -------- d-----w- c:\users\owner\appdata\local\Apple

2011-11-07 13:29:44 -------- d-----w- c:\users\owner\appdata\local\NPE

2011-11-03 23:51:24 -------- d-----w- c:\users\owner\appdata\roaming\Registry Mechanic

2011-11-02 11:42:11 -------- d-----w- c:\program files\common files\DivX Shared

2011-11-02 11:41:41 -------- d-----w- c:\program files\DivX

2011-11-02 11:40:53 -------- d-----w- c:\programdata\DivX

2011-11-01 09:12:33 -------- d-----w- c:\program files\common files\Spigot

2011-11-01 07:41:40 -------- d-----w- C:\Ace of Spades

2011-10-23 01:07:24 -------- d-----w- c:\program files\Lame For Audacity

2011-10-18 18:14:52 -------- d-----w- c:\program files\IrfanView

.

==================== Find3M ====================

.

2011-11-13 07:20:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-05-05 01:08:23 2526208 ----a-w- c:\program files\FLV PlayerATBSetup.exe

.

============= FINISH: 22:48:11.25 ===============

Link to post
Share on other sites

sorry about that it

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/6/2009 10:17:46 PM

System Uptime: 11/15/2011 7:38:57 PM (3 hours ago)

.

Motherboard: Wistron | | 3612

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 71.104 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0001

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #17

PNP Device ID: ROOT\*6TO4MP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0003

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #25

PNP Device ID: ROOT\*6TO4MP\0003

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0008

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #117

PNP Device ID: ROOT\*ISATAP\0008

Service: tunnel

.

==== System Restore Points ===================

.

RP450: 11/1/2011 3:39:48 AM - Installed Ace of Spades

RP451: 11/7/2011 5:20:18 PM - Removed IObit Toolbar v4.7.

RP452: 11/7/2011 5:22:17 PM - Removed IObit Toolbar v4.7.

RP453: 11/9/2011 7:56:51 AM - Windows Update

RP454: 11/11/2011 2:29:01 PM - Windows Update

RP455: 11/11/2011 5:56:25 PM - Removed InstallIQ Updater

RP456: 11/13/2011 12:46:06 PM - Removed Ask Toolbar.

RP457: 11/13/2011 12:51:20 PM - Removed InstallIQ Updater

RP458: 11/14/2011 12:56:32 AM - Installed Microsoft XNA Framework Redistributable 4.0

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Ace of Spades

Acoustica Effects Pack

Acoustica Mixcraft 5

Activation Assistant for the 2007 Microsoft Office suites

Active@ DVD Eraser v 1.1

ActiveCheck component for HP Active Support Library

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Download Assistant

Adobe Download Manager

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Reader X

Adobe Setup

Adobe Shockwave Player

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetRGB

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

ASIO4ALL

Atheros Driver Installation Program

Audacity 1.3.13 (Unicode)

AVS Update Manager 1.0

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.4

BitLord 1.2

Blender

Bonjour

CA Pest Patrol Realtime Protection

Camera Driver

Camtasia Studio 7

CCScore

CineCode

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comcast Desktop Software (v1.2.0.9)

Compatibility Pack for the 2007 Office system

Conduit Engine

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

D3DX10

DebugMode PluginPac (remove only)

Desktop Doctor

DivX Setup

Dropbox

Drumaxx

DVDVideoSoft Toolbar

EPSON Scan

EPSON WorkForce 500 Series Printer Uninstall

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

ESU for Microsoft Vista

fflink

FinePix Studio

FinePixViewer Resource

FinePixViewer Ver.5.5

Firebird SQL Server - MAGIX Edition

FL Studio 10

Fraps (remove only)

Free Studio version 4.3

Free Video Dub version 1.5

FrostWire 5.1.5

FXhome EffectsLab Pro (remove only)

Game Cam 2.6.1.0

GIMP 2.6.11

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardcore

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPTCSSetup

HyperCam 2

HyperCam Toolbar

HyperSnap 6

IL Download Manager

Intel® Graphics Media Accelerator Driver

iTunes

jahPlayer

Java Auto Updater

Java 6 Update 29

Java 6 Update 7

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

LabelPrint

LAME v3.98.3 for Audacity

LightScribe System Software 1.14.17.1

LimeWire 4.18.8

Magic DVD Ripper V5.5.0

MAGIX Goya burnR 1.3.1.3 (US)

MAGIX Movies on DVD 7 7.0.3.0 (US)

MAGIX Photo Manager 8 6.0.1.466 (US)

MAGIX Screenshare 4.3.6.1987 (US)

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office FrontPage 2003

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft Works 2000

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox (3.6.13)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

msxml4

Mufin MusicFinder Base 1.5.3.247 (UK)

netbrdg

NetZero

NewBlue 3D Transformations for Vegas

Norton AntiVirus

Norton Internet Security

Norton Security Scan

OfotoXMI

OGA Notifier 2.0.0048.0

OpenLibraries

Paint.NET v3.5.10

PDF Settings

Photoshop Camera Raw

Pixel Bender Toolkit

Pixillion Image Converter

PoiZone

Power2Go

PowerDirector

PriceGong 2.1.0

Primo

Project64 1.6

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

RGSS-RTP Standard

RollerCoaster Tycoon

RPGXP

Runtime

Sakura

SAMSUNG Video Codec 1.2.5009

Sawer

Search Toolbar

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

SFR

SHASTA

skin0001

SKINXSDK

Solace - February 2011

Sony Picture Utility

staticcr

Steam

Suite Shared Configuration CS4

swMSM

Synaptics Pointing Device Driver

tooltips

Toxic Biohazard

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Vegas Movie Studio HD 9.0

Vegas Pro 9.0

VideoLAN VLC media player 0.8.6f

VideoPad Video Editor

VPRINTOL

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

WIRELESS

Xfinity.com Toolbar 3.5

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:25:55 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

11/15/2011 4:25:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.

11/15/2011 4:24:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

11/15/2011 3:17:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/15/2011 3:15:47 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

11/15/2011 3:13:15 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

11/15/2011 3:09:24 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/15/2011 3:09:24 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

11/14/2011 8:13:10 AM, Error: Service Control Manager [7010] - A timeout (30000 milliseconds) was reached while waiting for ReadFile.

11/14/2011 2:48:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

11/13/2011 3:36:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

11/13/2011 3:36:46 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/12/2011 8:54:03 PM, Error: EventLog [6008] - The previous system shutdown at 8:16:30 PM on 11/12/2011 was unexpected.

11/12/2011 3:15:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.

11/12/2011 3:15:37 PM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/12/2011 3:15:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}

11/12/2011 10:07:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

11/11/2011 8:43:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

11/11/2011 8:43:04 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2011 8:42:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

11/11/2011 8:42:33 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2011 8:39:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

11/11/2011 8:39:24 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/11/2011 8:30:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/11/2011 8:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/11/2011 8:29:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 8:29:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 8:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/11/2011 8:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/11/2011 8:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/11/2011 8:28:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/11/2011 8:28:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/11/2011 8:28:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:25:41 PM on 11/11/2011 was unexpected.

11/10/2011 3:36:18 PM, Error: EventLog [6008] - The previous system shutdown at 3:34:09 PM on 11/10/2011 was unexpected.

11/10/2011 3:07:46 PM, Error: EventLog [6008] - The previous system shutdown at 5:54:42 AM on 11/10/2011 was unexpected.

.

==== End Of File ===========================

Link to post
Share on other sites

That is my point. ;)

Step 1

You have two installed and active antivirus programs on your system.

Two antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them. I suggest you to uninstall Norton Internet Security and Norton Security Scan.

Step 2

You have p2p software installed on your system, which is very dangerous and illegal. Please check our rules for piracy and uninstall FrostWire 5.1.5

and LimeWire 4.18.8:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 3

Please uninstall the following applications:

DVDVideoSoft Toolbar

HyperCam Toolbar

Search Toolbar

PriceGong 2.1.0

Search Toolbar

Xfinity.com Toolbar 3.5

Step 4

Please follow the instructions here to download and run the ComboFix tool:

bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log.txt when you are ready.

Link to post
Share on other sites

ComboFix 11-11-19.04 - Owner 11/19/2011 22:37:54.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1815 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))

.

.

2011-11-19 16:49 . 2011-11-19 16:49 -------- d-----w- C:\Ace of Spades

2011-11-15 21:31 . 2011-11-17 19:09 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer

2011-11-14 05:57 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

2011-11-14 05:57 . 2011-11-14 05:57 -------- d-----w- c:\program files\Microsoft XNA

2011-11-13 17:52 . 2011-11-13 17:52 -------- d-----w- C:\AI_RecycleBin

2011-11-12 23:08 . 2011-11-12 23:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2011-11-12 23:07 . 2011-11-12 23:07 -------- d-----w- c:\programdata\Malwarebytes

2011-11-12 23:07 . 2011-11-12 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 23:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 22:01 . 2011-11-13 17:58 -------- d-----w- c:\program files\Spigot Removal Tool

2011-11-08 21:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-08 21:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 21:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-08 06:59 . 2011-11-08 07:14 -------- d-----w- c:\users\Owner\AppData\Local\Adobe

2011-11-07 22:44 . 2011-11-07 22:44 -------- d-----w- c:\users\Owner\AppData\Local\Apple

2011-11-07 13:29 . 2011-11-07 13:32 -------- d-----w- c:\users\Owner\AppData\Local\NPE

2011-11-03 23:51 . 2011-11-03 23:51 -------- d-----w- c:\users\Owner\AppData\Roaming\Registry Mechanic

2011-11-02 11:43 . 2011-11-02 12:06 -------- d-----w- c:\users\Owner\AppData\Roaming\DivX

2011-11-02 11:42 . 2011-11-03 08:17 -------- d-----w- c:\program files\Common Files\DivX Shared

2011-11-02 11:41 . 2011-11-03 08:17 -------- d-----w- c:\program files\DivX

2011-11-02 11:40 . 2011-11-03 08:18 -------- d-----w- c:\programdata\DivX

2011-11-01 09:12 . 2011-11-07 22:22 -------- d-----w- c:\program files\Common Files\Spigot

2011-10-23 01:07 . 2011-10-23 01:07 -------- d-----w- c:\program files\Lame For Audacity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-13 07:20 . 2011-06-08 04:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 09:06 . 2011-08-22 00:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 13:30 . 2011-10-12 17:05 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-02 13:39 . 2011-10-12 17:02 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-25 16:15 . 2011-10-12 17:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14 . 2011-10-12 17:04 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 16:14 . 2011-10-12 17:03 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 13:31 . 2011-10-12 17:03 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-05-05 01:08 . 2009-05-05 00:50 2526208 ----a-w- c:\program files\FLV PlayerATBSetup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-09-12 20:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]

2010-11-11 18:55 87512 ----a-w- c:\program files\xfinitytb\xfinitydx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]

2010-12-22 14:31 265176 ----a-w- c:\program files\xfinitytb\auxi\xfinityAu.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files\xfinitytb\xfinitydx.dll" [2010-11-11 87512]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Pro"="0" [X]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-26 273544]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-25 333088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-4-5 303104]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 23:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20111118.030\IDSvix86.sys [2011-08-23 368248]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:13]

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:13]

.

2011-10-29 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

.

2011-11-18 c:\windows\Tasks\Norton Security Scan for Owner.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-14 05:23]

.

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{D835682B-12B4-47BB-AEBF-3AF9D9D2CD6B}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://comcast.net/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;*.mail.yahoo.com;*.aolcdn.com;*.yimg.com;<local>;*.local

IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228

IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p6imer7w.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 7900

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)

URLSearchHooks-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)

Toolbar-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)

HKLM-Run-TrayServer - c:\program files\MAGIX\Movies on DVD 7\TrayServer.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

AddRemove-Firebird SQL Server US - c:\program files\MAGIX\Common\Database\unwise.exe

AddRemove-MAGIX Goya burnR US - c:\program files\MAGIX\Goya_burnR\unwise.exe

AddRemove-MAGIX Movies on DVD 7 US - c:\program files\MAGIX\Movies on DVD 7\unwise.exe

AddRemove-MAGIX Photo Manager 8 US - c:\program files\MAGIX\Photo_Manager_8\unwise.exe

AddRemove-MAGIX Screenshare US - c:\program files\MAGIX\PCVisit\unwise.exe

AddRemove-Mufin MusicFinder Base UK - c:\program files\MAGIX\Mufin MusicFinder\unwise.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(660)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

.

- - - - - - - > 'Explorer.exe'(2420)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\RacAgent.exe

.

**************************************************************************

.

Completion time: 2011-11-19 23:32:21 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-20 04:29

.

Pre-Run: 91,060,277,248 bytes free

Post-Run: 92,045,037,568 bytes free

.

- - End Of File - - 04F1FC709AD99DFE9FE44DEAAAC056C2

Link to post
Share on other sites

Update for Microsoft Office 2007 (KB2508958)

Ace of Spades

Acoustica Effects Pack

Acoustica Mixcraft 5

Activation Assistant for the 2007 Microsoft Office suites

Active@ DVD Eraser v 1.1

ActiveCheck component for HP Active Support Library

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Download Assistant

Adobe Download Manager

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Reader X

Adobe Setup

Adobe Shockwave Player

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetRGB

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

ASIO4ALL

Atheros Driver Installation Program

Audacity 1.3.13 (Unicode)

AVS Update Manager 1.0

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.4

BitLord 1.2

Blender

Bonjour

CA Pest Patrol Realtime Protection

Camera Driver

Camtasia Studio 7

CCScore

CineCode

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comcast Desktop Software (v1.2.0.9)

Compatibility Pack for the 2007 Office system

Conduit Engine

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

D3DX10

DebugMode PluginPac (remove only)

Desktop Doctor

DivX Setup

Dropbox

Drumaxx

DVDVideoSoft Toolbar

EPSON Scan

EPSON WorkForce 500 Series Printer Uninstall

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

ESU for Microsoft Vista

fflink

FinePix Studio

FinePixViewer Resource

FinePixViewer Ver.5.5

Firebird SQL Server - MAGIX Edition

FL Studio 10

Fraps (remove only)

Free Studio version 4.3

Free Video Dub version 1.5

FXhome EffectsLab Pro (remove only)

Game Cam 2.6.1.0

GIMP 2.6.11

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardcore

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPTCSSetup

HyperCam 2

HyperSnap 6

IL Download Manager

Intel® Graphics Media Accelerator Driver

iTunes

jahPlayer

Java Auto Updater

Java 6 Update 29

Java 6 Update 7

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

LabelPrint

LAME v3.98.3 for Audacity

LightScribe System Software 1.14.17.1

Magic DVD Ripper V5.5.0

MAGIX Goya burnR 1.3.1.3 (US)

MAGIX Movies on DVD 7 7.0.3.0 (US)

MAGIX Photo Manager 8 6.0.1.466 (US)

MAGIX Screenshare 4.3.6.1987 (US)

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office FrontPage 2003

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft Works 2000

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox (3.6.13)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

msxml4

Mufin MusicFinder Base 1.5.3.247 (UK)

netbrdg

NetZero

NewBlue 3D Transformations for Vegas

Norton AntiVirus

Norton Internet Security

Norton Security Scan

OfotoXMI

OGA Notifier 2.0.0048.0

OpenLibraries

Paint.NET v3.5.10

PDF Settings

Photoshop Camera Raw

Pixel Bender Toolkit

Pixillion Image Converter

PoiZone

Power2Go

PowerDirector

Primo

Project64 1.6

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

RGSS-RTP Standard

RollerCoaster Tycoon

RPGXP

Runtime

Sakura

SAMSUNG Video Codec 1.2.5009

Sawer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

SFR

SHASTA

skin0001

SKINXSDK

Solace - February 2011

Sony Picture Utility

staticcr

Steam

Suite Shared Configuration CS4

swMSM

Synaptics Pointing Device Driver

tooltips

Toxic Biohazard

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Vegas Movie Studio HD 9.0

Vegas Pro 9.0

VideoLAN VLC media player 0.8.6f

VideoPad Video Editor

VPRINTOL

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

WIRELESS

Xfinity.com Toolbar 3.5

Yahoo! Detect

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\program files\Common Files\Spigot
c:\program files\ConduitEngine

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

FireFox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p6imer7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7900
FF - prefs.js: network.proxy.type - 0

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

Link to post
Share on other sites

ComboFix 11-11-26.04 - Owner 11/27/2011 2:52.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1752 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Common Files\Spigot

c:\program files\ConduitEngine

c:\program files\ConduitEngine\appContextMenu.xml

c:\program files\ConduitEngine\ConduitEngine.dll

c:\program files\ConduitEngine\ConduitEngineHelper.exe

c:\program files\ConduitEngine\ConduitEngineUninstall.exe

c:\program files\ConduitEngine\engineContextMenu.xml

c:\program files\ConduitEngine\EngineSettings.json

c:\program files\ConduitEngine\INSTALL.LOG

c:\program files\ConduitEngine\toolbar.cfg

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-11-27 08:15 . 2011-11-27 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-24 05:01 . 2011-11-24 05:59 -------- d-----w- c:\program files\raidcall

2011-11-22 04:28 . 2011-11-22 04:28 -------- d-----w- c:\program files\Apple Software Update

2011-11-20 04:32 . 2011-11-27 08:15 -------- d-----w- c:\users\Owner\AppData\Local\temp

2011-11-19 16:49 . 2011-11-19 16:49 -------- d-----w- C:\Ace of Spades

2011-11-15 21:31 . 2011-11-17 19:09 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer

2011-11-14 05:57 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

2011-11-14 05:57 . 2011-11-14 05:57 -------- d-----w- c:\program files\Microsoft XNA

2011-11-13 17:52 . 2011-11-13 17:52 -------- d-----w- C:\AI_RecycleBin

2011-11-12 23:08 . 2011-11-12 23:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2011-11-12 23:07 . 2011-11-12 23:07 -------- d-----w- c:\programdata\Malwarebytes

2011-11-12 23:07 . 2011-11-12 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 23:07 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 05:09 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-11-10 05:09 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-11-10 05:09 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-11-10 05:09 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2011-11-10 05:09 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-11-08 22:01 . 2011-11-13 17:58 -------- d-----w- c:\program files\Spigot Removal Tool

2011-11-08 21:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-08 21:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 21:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-08 06:59 . 2011-11-08 07:14 -------- d-----w- c:\users\Owner\AppData\Local\Adobe

2011-11-07 22:44 . 2011-11-07 22:44 -------- d-----w- c:\users\Owner\AppData\Local\Apple

2011-11-07 13:29 . 2011-11-07 13:32 -------- d-----w- c:\users\Owner\AppData\Local\NPE

2011-11-03 23:51 . 2011-11-03 23:51 -------- d-----w- c:\users\Owner\AppData\Roaming\Registry Mechanic

2011-11-02 11:43 . 2011-11-02 12:06 -------- d-----w- c:\users\Owner\AppData\Roaming\DivX

2011-11-02 11:42 . 2011-11-03 08:17 -------- d-----w- c:\program files\Common Files\DivX Shared

2011-11-02 11:41 . 2011-11-03 08:17 -------- d-----w- c:\program files\DivX

2011-11-02 11:40 . 2011-11-03 08:18 -------- d-----w- c:\programdata\DivX

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-22 22:08 . 2011-06-08 04:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-03 09:06 . 2011-08-22 00:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 13:30 . 2011-10-12 17:05 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-02 13:39 . 2011-10-12 17:02 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2009-05-05 01:08 . 2009-05-05 00:50 2526208 ----a-w- c:\program files\FLV PlayerATBSetup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]

2010-11-11 18:55 87512 ----a-w- c:\program files\xfinitytb\xfinitydx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]

2010-12-22 14:31 265176 ----a-w- c:\program files\xfinitytb\auxi\xfinityAu.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files\xfinitytb\xfinitydx.dll" [2010-11-11 87512]

.

[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Pro"="0" [X]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-25 333088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk

backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-26 01:06 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-12-24 23:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20111124.030\IDSvix86.sys [2011-08-23 368248]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:13]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:13]

.

2011-10-29 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

.

2011-11-23 c:\windows\Tasks\Norton Security Scan for Owner.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-14 05:23]

.

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{D835682B-12B4-47BB-AEBF-3AF9D9D2CD6B}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://comcast.net/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;*.mail.yahoo.com;*.aolcdn.com;*.yimg.com;<local>;*.local

IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228

IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p6imer7w.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-27 03:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(644)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

.

Completion time: 2011-11-27 03:22:40

ComboFix-quarantined-files.txt 2011-11-27 08:22

ComboFix2.txt 2011-11-20 04:32

.

Pre-Run: 78,336,356,352 bytes free

Post-Run: 81,075,834,880 bytes free

.

- - End Of File - - 3E3270E130FE1B09580010AEDEB7D3C0

well the spigot folder is gone thank you so much for that but my local disk space keep going up and down like sometimes it will be 80.0 or 75.5 to 75.4 and so on but nothing gets deleted I checked and all my files are still there

Link to post
Share on other sites

However, we remove malware, it is normal to have a little difference in disk space.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8286

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

12/1/2011 1:14:55 PM

mbam-log-2011-12-01 (13-14-55).txt

Scan type: Quick scan

Objects scanned: 184602

Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Owner\downloads\mightymagoo.exe (PUP.MightyMagoo) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.