TechSpot

Google redirect virus

By meanddee96
Jul 7, 2011
  1. New to the thread, I apologize in advance if the directions have not been followed to the "T". Noticed some issues with the computer over the last couple of days, and finally installed and ran malwarebytes. Found 12 instances of trojan.tracur.wow. It says all were cleaned and removed, rebooted computer. Still have google redirect issues. I stumbled across the forum and the 7 step thread. I downloaded and ran gmer. it says it found no modification, and to the best of my knowledge did not generate a log file. i just ran DDS. Those logs are posted below. Further advice is greatly appreciated!
     
  2. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by Billie Watspm at 6:48:30 on 2011-07-07
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2174 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\lxdqcoms.exe
    C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\RUNDLL32.EXE
    c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0309&m=p-7805u&c=BB
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: {013ee055-89ef-4dc1-ae98-f4884abdebbf} - C:\Windows\SysWow64\atl32.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [MyWGU Messenger] C:\Program Files (x86)\MyWGU Messenger\MyWGU-Messenger.exe
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [conhost] C:\Users\Billie Watspm\AppData\Roaming\Microsoft\conhost.exe
    mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
    mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    mRun: [eRecoveryService]
    mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
    TCP: Interfaces\{03613130-5511-45D5-958D-134619A707E4} : DhcpNameServer = 10.61.32.1 1.1.1.1
    TCP: Interfaces\{8745BDB8-A57B-4B6C-BFC5-8115FF6B82FD} : DhcpNameServer = 68.87.74.166 68.87.68.166
    AppInit_DLLs: C:\ProgramData\atl32.dll
    C:\Windows\SysWow64\atl32.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    BHO-X64: NCO 2.0 IE BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO-X64: Google Dictionary Compression sdch - No File
    BHO-X64: NitroPDFBHO Class: {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    BHO-X64: NitroPDFBHO Class - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
    mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    mRun-x64: [eRecoveryService]
    mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun-x64: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    AppInit_DLLs-X64: C:\ProgramData\atl32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://startskins.com/5124071740/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53475
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebSentinelHelper.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn64.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
    FF - plugin: C:\Users\Billie Watspm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Billie Watspm\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
    FF - plugin: C:\Users\Billie Watspm\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Billie Watspm\AppData\Roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: XUL Cache: {a8e0229b-c08e-41cc-9240-c53e5ce1a5e8} - %profile%\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110629.002\IDSvia64.sys [2011-7-1 392752]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-3-16 24576]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-17 149352]
    R2 lxdq_device;lxdq_device;C:\Windows\system32\lxdqcoms.exe -service --> C:\Windows\system32\lxdqcoms.exe -service [?]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-13 136824]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
    R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
    R3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-1-13 1245064]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS --> C:\Windows\system32\Drivers\SYMNDISV.SYS [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdqserv.exe [2008-2-27 29184]
    S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-07-07 03:02:54 -------- d-----w- C:\Users\Billie Watspm\AppData\Roaming\Malwarebytes
    2011-07-07 03:02:25 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 03:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-07 03:02:22 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-07 03:02:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-06 22:17:37 174592 --sha-w- C:\ProgramData\atl32.dll
    2011-07-02 17:33:04 342528 ----a-w- C:\Windows\SysWow64\atl32.dll
    2011-06-28 22:13:11 344576 ----a-w- C:\Windows\System32\schannel.dll
    2011-06-28 22:13:11 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
    .
    ==================== Find3M ====================
    .
    2011-06-04 18:51:59 85504 ----a-w- C:\Windows\System32\iesetup.dll
    2011-06-04 18:51:59 30720 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-06-04 18:51:59 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-06-04 18:51:58 603648 ----a-w- C:\Windows\System32\vbscript.dll
    2011-06-04 18:51:58 165888 ----a-w- C:\Windows\System32\iexpress.exe
    2011-06-04 18:51:58 160256 ----a-w- C:\Windows\System32\wextract.exe
    2011-06-04 18:51:57 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2011-05-21 20:59:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-18 13:56:59 2762752 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-14 15:14:19 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
    .
    ============= FINISH: 6:49:06.56 ===============
     
  3. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/16/2009 8:02:29 PM
    System Uptime: 7/7/2011 1:14:07 AM (5 hours ago)
    .
    Motherboard: Gateway | | IMV
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | U2E1 | 2267/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 65.116 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP444: 6/17/2011 3:00:14 AM - Windows Update
    RP445: 6/18/2011 12:15:06 AM - Scheduled Checkpoint
    RP446: 6/19/2011 12:47:28 AM - Scheduled Checkpoint
    RP447: 6/20/2011 12:31:55 AM - Scheduled Checkpoint
    RP448: 6/21/2011 12:00:01 AM - Scheduled Checkpoint
    RP449: 6/21/2011 6:35:13 PM - Installed Microsoft PowerPoint Viewer
    RP450: 6/23/2011 7:15:00 AM - Windows Update
    RP451: 6/24/2011 12:19:02 AM - Scheduled Checkpoint
    RP452: 6/25/2011 12:53:23 PM - Scheduled Checkpoint
    RP453: 6/26/2011 1:09:29 AM - Scheduled Checkpoint
    RP454: 6/28/2011 3:45:36 PM - Scheduled Checkpoint
    RP455: 6/29/2011 3:00:16 AM - Windows Update
    RP456: 7/1/2011 2:24:07 AM - Scheduled Checkpoint
    RP457: 7/2/2011 12:00:01 AM - Scheduled Checkpoint
    RP458: 7/2/2011 3:20:03 AM - Windows Update
    RP459: 7/2/2011 9:32:09 AM - Windows Update
    RP460: 7/3/2011 12:35:18 AM - Scheduled Checkpoint
    RP461: 7/4/2011 1:20:07 AM - Scheduled Checkpoint
    RP462: 7/5/2011 1:14:53 AM - Scheduled Checkpoint
    RP463: 7/6/2011 12:22:10 AM - Windows Update
    RP464: 7/7/2011 1:18:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABC Amber LIT Converter
    ABC Amber Palm Converter
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    AIM 7
    Akamai NetSession Interface
    Amazon Kindle
    AppCore
    Apple Application Support
    Apple Software Update
    Backup
    calibre
    Camera Assistant Software for Gateway
    ccCommon
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Curse Client
    CyberLink LabelPrint
    CyberLink Power2Go
    Download Updater (AOL LLC)
    Facebook Plug-In
    Gateway Games
    Gateway Recovery Management
    GearDrvs
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 22
    Java(TM) 6 Update 5
    Junk Mail filter update
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft PowerPoint Viewer
    Microsoft Reader
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    mIRC
    Mobipocket Creator 4.2
    Mobipocket Reader 6.2
    Move Media Player
    Mozilla Firefox (3.6.18)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicnotes Software Suite 1.1
    MyWGU Messenger 2.5.8
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    NVIDIA PhysX v8.10.13
    OpenOffice.org 3.3
    PDF Download for Internet Explorer
    PowerDVD
    QuickTime
    Rawr
    Revo Uninstaller 1.85
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spelling Dictionaries Support For Adobe Reader 9
    Stanza
    Station Launcher
    Symantec Technical Support Controls
    The Lord of the Rings Online™
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.0.0
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    World of Logs Client
    World of Warcraft
    World of Warcraft Public Test
    WorldWinner Games
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 12:57:28 AM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
    7/7/2011 12:56:46 AM, Error: Service Control Manager [7034] - The Windows Backup service terminated unexpectedly. It has done this 1 time(s).
    7/7/2011 1:16:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdqCATSCustConnectService service to connect.
    7/7/2011 1:16:08 AM, Error: Service Control Manager [7000] - The lxdqCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/7/2011 1:16:08 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/7/2011 1:13:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/7/2011 1:13:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/7/2011 1:13:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/7/2011 1:12:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/7/2011 1:12:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/7/2011 1:12:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    7/7/2011 1:12:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/7/2011 1:12:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/7/2011 1:12:24 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    7/7/2011 1:12:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    7/7/2011 1:09:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/7/2011 1:09:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    7/7/2011 1:08:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    7/7/2011 1:08:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
    7/7/2011 1:07:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    7/7/2011 1:06:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
    7/7/2011 1:06:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    7/7/2011 1:06:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    7/6/2011 6:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
    7/6/2011 6:19:24 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2011 6:18:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    7/6/2011 6:18:56 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2011 6:18:56 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2011 6:04:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00216B492022 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/4/2011 10:49:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00216B492022 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/2/2011 1:32:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help guide you through finding and removing malware.

    You are still running the McAfee Security Suite as well as Norton Security Please remove one of them. You should only have 1 AV and 1 FW> Here are Uninstall tools to help:
    McAfee Removal
    Norton Removal Tool
    Please reboot the Computer when finished.
    ============================================
    I am reviewing the current logs now and will be back with instructions.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  5. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    McAfee has been removed and the computer rebooted.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I've found several malware entries in the DDS logs. Why don't I have a log from Malwarebytes?

    Note: If you have this recently installed, please update and rescan. Give me the log.
    If it won't update or if you get any message that it won't run, uninstall what you now have and follow the link below:

    [​IMG]
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    I'd like to see the contents of that log before we go on.
     
  7. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7038

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    7/9/2011 9:20:22 PM
    mbam-log-2011-07-09 (21-20-22).txt

    Scan type: Quick scan
    Objects scanned: 181025
    Time elapsed: 8 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- let's dig a bit deeper:

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    Questions:
    1. Did you set this homepage in FirefoxFF - prefs.js: browser.startup.homepage - hxxp://startskins.com/5124071740/? This is a skin to customize the Google start page. Is redirect connected to timing of setting that?
    2. Does your ISP require this proxy: FF - prefs.js: network.proxy.http_port - 53475?
     
  9. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    esets

    C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\AIM6\uninst.exe probably a variant of Win32/StartPage.KFUXYDC trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-55ceb571 Java/Agent.CK trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1f3f8202-7270b691 multiple threats
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\1fd53268-2f7c1df1 probably a variant of Win32/Agent.DYXWUMY trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\316f34ee-7f6d6c41 probably a variant of Java/Agent.BR trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-79d669c9 Java/Agent.BV trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-39b7617f Java/Agent.BV trojan
    C:\Users\Billie Watspm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\f6aebc6-17885483 a variant of Java/Agent.BR trojan
    C:\Users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Windows\System32\atl32.dll probably a variant of Win32/TrojanDownloader.Agent.CQQKFCN trojan
    C:\Windows\SysWOW64\atl32.dll probably a variant of Win32/TrojanDownloader.Agent.CQQKFCN trojan
     
  10. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    questions

    I believe this homepage was set by us. However, I don't believe our ISP requires any specific proxy.
     
  11. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    combofix

    ComboFix 11-07-12.09 - Billie Watspm 07/13/2011 1:05.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.1807 [GMT -4:00]
    Running from: c:\users\Billie Watspm\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\atl32.dll
    c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}
    c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\chrome.manifest
    c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\chrome\xulcache.jar
    c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\defaults\preferences\xulcache.js
    c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\install.rdf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-13 05:17 . 2011-07-13 05:17 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-07-13 05:17 . 2011-07-13 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-13 05:02 . 2011-07-13 05:03 -------- d-----w- C:\32788R22FWJFW
    2011-07-13 02:58 . 2011-07-13 02:58 -------- d-----w- c:\program files (x86)\ESET
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\users\Billie Watspm\AppData\Roaming\Malwarebytes
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-07 03:02 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-07 03:02 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-02 17:33 . 2011-07-02 17:33 342528 ----a-w- c:\windows\SysWow64\atl32.dll
    2011-06-28 22:13 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
    2011-06-28 22:13 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-04 18:52 . 2011-06-04 18:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-04 18:52 . 2011-06-04 18:52 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-06-04 18:52 . 2011-06-04 18:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-04 18:52 . 2011-06-04 18:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-04 18:52 . 2011-06-04 18:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-04 18:52 . 2011-06-04 18:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-04 18:52 . 2011-06-04 18:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-04 18:52 . 2011-06-04 18:52 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-04 18:52 . 2011-06-04 18:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-04 18:52 . 2011-06-04 18:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-04 18:52 . 2011-06-04 18:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-04 18:52 . 2011-06-04 18:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-04 18:52 . 2011-06-04 18:52 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-04 18:52 . 2011-06-04 18:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-04 18:52 . 2011-06-04 18:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-04 18:52 . 2011-06-04 18:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-04 18:52 . 2011-06-04 18:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-04 18:52 . 2011-06-04 18:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-04 18:52 . 2011-06-04 18:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-04 18:52 . 2011-06-04 18:52 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-04 18:52 . 2011-06-04 18:52 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-06-04 18:52 . 2011-06-04 18:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-04 18:52 . 2011-06-04 18:52 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-04 18:52 . 2011-06-04 18:52 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-04 18:52 . 2011-06-04 18:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-04 18:52 . 2011-06-04 18:52 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-04 18:52 . 2011-06-04 18:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-04 18:52 . 2011-06-04 18:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-04 18:52 . 2011-06-04 18:52 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-04 18:52 . 2011-06-04 18:52 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-04 18:52 . 2011-06-04 18:52 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-04 18:51 . 2011-06-04 18:51 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-04 18:51 . 2011-06-04 18:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-04 18:51 . 2011-06-04 18:51 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-04 18:51 . 2011-06-04 18:51 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-04 18:51 . 2011-06-04 18:51 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-04 18:51 . 2011-06-04 18:51 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-04 18:51 . 2011-06-04 18:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-21 20:59 . 2011-05-21 20:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{013EE055-89EF-4DC1-AE98-F4884ABDEBBf}]
    2011-07-02 17:33 342528 ----a-w- c:\windows\SysWOW64\atl32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-07 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "MyWGU Messenger"="c:\program files (x86)\MyWGU Messenger\MyWGU-Messenger.exe" [2007-11-30 172544]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files (x86)\Norton 360\osCheck.exe" [2008-02-25 988512]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2008-03-29 638976]
    "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-22 87336]
    "LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe [2009-04-28 29184]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WisINT15;WisINT15;c:\windows\System32\OEM\factory\WisINT15.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110712.001\IDSvia64.sys [2010-09-15 392752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
    S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-07-16 24576]
    S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2008-02-27 1044648]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 136824]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [x]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
    "lxdqmon.exe"="c:\program files (x86)\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
    "EzPrint"="c:\program files (x86)\Lexmark Z2400 Series\ezprint.exe" [2008-03-27 107176]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-03 16330272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://startskins.com/5124071740/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53475
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Billie Watspm\AppData\Roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKCU-Run-conhost - c:\users\Billie Watspm\AppData\Roaming\Microsoft\conhost.exe
    Wow6432Node-HKLM-Run-eRecoveryService - (no file)
    Wow6432Node-HKLM-Run-Turbine Download Manager Tray Icon - c:\program files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    AddRemove-258773241.elitistjerks.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
    AddRemove-World of Logs Client - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-13 01:27:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-13 05:27
    .
    Pre-Run: 69,207,339,008 bytes free
    Post-Run: 69,490,114,560 bytes free
    .
    - - End Of File - - F29B1A7FF47A3E2F95D291E2C14597FB
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Many of the Eset entries show infection in the Java cache.
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. [​IMG] The Java Control Panel appears.
      [​IMG]
      [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
      [​IMG]
      [4] Click Delete Files.The Delete Temporary Files dialog box appears.
      [​IMG]
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ================================================
    For the other entries: Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\AIM6\uninst.exe
      C:\Users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions \{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\chrome.manifest 
      C:\Windows\System32\atl32.dll 
      C:\Windows\SysWOW64\atl32.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\SysWow64\atl32.dll
    c:\windows\system32\ieUnatt.exe
    FileLook::
    c:\windows\system32\iesetup.dll
    Folder::
    DSS::
    BHO: {013ee055-89ef-4dc1-ae98-f4884abdebbf} - C:\Windows\SysWow64\atl32.dll
    AppInit_DLLs: C:\ProgramData\atl32.dll
    C:\Windows\SysWow64\atl32.dll
    BHO-X64: 0x1 - No File
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: NCO 2.0 IE BHO - No File
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{013EE055-89EF-4DC1-AE98-F4884ABDEBBf}]
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    I am seeing so much malware in the Java caches. And every user has outdated versions of Java. You have 2: Java(TM) 6 Update 22, Java(TM) 6 Update 5. The current version is v6u26. The updates are done for security and having any outdated versions is a vulnerability to the system.
    Please update ASAP: Java Updates Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    Please leave logs from OTM and Combofix script in next reply.
    Give me an udate on how the system is doing.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please do this when previous directions have been completed:
    * Reset your browser proxies

    o For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.

    o For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click Ok to close the Local Area Network (LAN) Settings window.
    o Click Ok to close the Internet Options window.

    =========================================================
     
  14. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    Moveit

    Move it crashed both times I ran it, but on the 2nd run through it showed no files to move when running the script before the crash. I didn't generate any logs.
     
  15. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    combofix

    ComboFix 11-07-12.09 - Billie Watspm 07/15/2011 21:14:58.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2008 [GMT -4:00]
    Running from: c:\users\Billie Watspm\Downloads\ComboFix.exe
    Command switches used :: c:\users\Billie Watspm\Desktop\cfscript.txt
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-16 01:26 . 2011-07-16 01:29 -------- d-----w- c:\users\Billie Watspm\AppData\Local\temp
    2011-07-16 01:26 . 2011-07-16 01:26 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-07-16 01:26 . 2011-07-16 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-16 01:02 . 2011-07-16 01:02 -------- d-----w- C:\_OTM
    2011-07-13 22:06 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-13 22:06 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-13 22:06 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 02:58 . 2011-07-13 02:58 -------- d-----w- c:\program files (x86)\ESET
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\users\Billie Watspm\AppData\Roaming\Malwarebytes
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-07 03:02 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 03:02 . 2011-07-07 03:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-07 03:02 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-28 22:13 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
    2011-06-28 22:13 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-04 18:52 . 2011-06-04 18:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-04 18:52 . 2011-06-04 18:52 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-06-04 18:52 . 2011-06-04 18:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-04 18:52 . 2011-06-04 18:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-04 18:52 . 2011-06-04 18:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-04 18:52 . 2011-06-04 18:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-04 18:52 . 2011-06-04 18:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-04 18:52 . 2011-06-04 18:52 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-04 18:52 . 2011-06-04 18:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-04 18:52 . 2011-06-04 18:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-04 18:52 . 2011-06-04 18:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-04 18:52 . 2011-06-04 18:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-04 18:52 . 2011-06-04 18:52 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-04 18:52 . 2011-06-04 18:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-04 18:52 . 2011-06-04 18:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-04 18:52 . 2011-06-04 18:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-04 18:52 . 2011-06-04 18:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-04 18:52 . 2011-06-04 18:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-04 18:52 . 2011-06-04 18:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-04 18:52 . 2011-06-04 18:52 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-04 18:52 . 2011-06-04 18:52 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-06-04 18:52 . 2011-06-04 18:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-04 18:52 . 2011-06-04 18:52 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-04 18:52 . 2011-06-04 18:52 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-04 18:52 . 2011-06-04 18:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-04 18:52 . 2011-06-04 18:52 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-04 18:52 . 2011-06-04 18:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-04 18:52 . 2011-06-04 18:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-04 18:52 . 2011-06-04 18:52 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-04 18:52 . 2011-06-04 18:52 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-04 18:52 . 2011-06-04 18:52 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-04 18:51 . 2011-06-04 18:51 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-04 18:51 . 2011-06-04 18:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-04 18:51 . 2011-06-04 18:51 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-04 18:51 . 2011-06-04 18:51 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-04 18:51 . 2011-06-04 18:51 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-04 18:51 . 2011-06-04 18:51 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-04 18:51 . 2011-06-04 18:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-21 20:59 . 2011-05-21 20:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\iesetup.dll ---
    Company: Microsoft Corporation
    File Description: IOD Version Map
    File Version: 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    Product Name: Windows® Internet Explorer
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: iesetup.dll.mui
    File size: 85504
    Created time: 2011-06-04 18:51
    Modified time: 2011-06-04 18:51
    MD5: 93202ED0B473A8FEDFD9F5E668BE72ED
    SHA1: B176086CE516E177DE3C2DDAC8E67D7DF79B9F7C
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-13_05.21.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2011-07-13 05:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2011-07-16 00:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2011-07-16 00:51 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-21 03:20 . 2011-07-13 05:01 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2011-07-16 00:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2011-07-13 05:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2011-07-16 01:31 59848 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-07-16 01:31 83710 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-05-07 10:29 . 2011-07-16 01:31 14514 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3158143292-209350120-1254742864-1000_UserData.bin
    + 2011-07-13 22:06 . 2009-06-17 10:37 35328 c:\windows\system32\DriverStore\FileRepository\bth.inf_204106c4\BTHUSB.SYS
    + 2009-09-23 23:11 . 2009-04-11 05:39 26112 c:\windows\system32\DriverStore\FileRepository\bth.inf_204106c4\bthenum.sys
    - 2006-11-02 12:40 . 2011-07-02 13:36 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 12:40 . 2011-07-14 07:19 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 12:40 . 2011-07-14 07:19 51200 c:\windows\inf\infpub.dat
    - 2006-11-02 12:40 . 2011-07-02 13:36 51200 c:\windows\inf\infpub.dat
    + 2009-07-30 07:06 . 2011-07-14 07:19 3440 c:\windows\system32\WDI\ERCQueuedResolutions.dat
    - 2009-07-30 07:06 . 2011-06-28 01:39 3440 c:\windows\system32\WDI\ERCQueuedResolutions.dat
    + 2011-07-16 01:27 . 2011-07-16 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-07-13 05:19 . 2011-07-13 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-07-16 01:27 . 2011-07-16 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-07-13 05:19 . 2011-07-13 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-07-13 22:06 . 2011-04-12 16:11 859648 c:\windows\SysWOW64\kernel32.dll
    + 2006-11-02 15:21 . 2011-07-14 07:22 363776 c:\windows\system32\FNTCACHE.DAT
    - 2006-11-02 15:21 . 2011-06-29 07:38 363776 c:\windows\system32\FNTCACHE.DAT
    + 2009-09-23 23:12 . 2009-04-11 07:10 204288 c:\windows\system32\DriverStore\FileRepository\bth.inf_204106c4\fsquirt.exe
    + 2011-07-13 22:06 . 2011-04-21 14:17 695296 c:\windows\system32\DriverStore\FileRepository\bth.inf_204106c4\bthport.sys
    - 2011-02-20 07:41 . 2011-07-13 05:18 371436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-20 07:41 . 2011-07-16 01:26 371436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2006-11-02 12:40 . 2011-07-02 13:36 143360 c:\windows\inf\infstrng.dat
    + 2006-11-02 12:40 . 2011-07-14 07:19 143360 c:\windows\inf\infstrng.dat
    + 2006-11-02 12:40 . 2011-07-14 07:19 665600 c:\windows\inf\drvindex.dat
    - 2006-11-02 12:40 . 2009-12-25 06:39 665600 c:\windows\inf\drvindex.dat
    + 2011-07-13 22:06 . 2011-04-12 16:15 1210880 c:\windows\system32\kernel32.dll
    - 2011-06-17 07:29 . 2011-07-13 05:18 6729356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158143292-209350120-1254742864-1000-8192.dat
    + 2011-06-17 07:29 . 2011-07-16 01:26 6729356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158143292-209350120-1254742864-1000-8192.dat
    - 2011-06-17 07:29 . 2011-07-08 02:08 1744656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158143292-209350120-1254742864-1000-4096.dat
    + 2011-06-17 07:29 . 2011-07-14 07:19 1744656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158143292-209350120-1254742864-1000-4096.dat
    + 2006-11-02 12:33 . 2011-07-16 01:26 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 12:33 . 2011-06-29 07:36 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 12:35 . 2011-07-14 07:01 50867144 c:\windows\system32\mrt.exe
    + 2011-07-16 01:14 . 2011-07-16 01:14 11026432 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-07 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "MyWGU Messenger"="c:\program files (x86)\MyWGU Messenger\MyWGU-Messenger.exe" [2007-11-30 172544]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files (x86)\Norton 360\osCheck.exe" [2008-02-25 988512]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2008-03-29 638976]
    "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-22 87336]
    "LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe [2009-04-28 29184]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WisINT15;WisINT15;c:\windows\System32\OEM\factory\WisINT15.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110714.001\IDSvia64.sys [2010-09-15 392752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
    S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-07-16 24576]
    S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2008-02-27 1044648]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 136824]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
    "lxdqmon.exe"="c:\program files (x86)\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
    "EzPrint"="c:\program files (x86)\Lexmark Z2400 Series\ezprint.exe" [2008-03-27 107176]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-03 16330272]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://startskins.com/5124071740/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53475
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Billie Watspm\AppData\Roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{013EE055-89EF-4DC1-AE98-F4884ABDEBBf} - c:\windows\SysWow64\atl32.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-15 21:35:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-16 01:35
    ComboFix2.txt 2011-07-13 05:27
    .
    Pre-Run: 69,558,116,352 bytes free
    Post-Run: 69,328,359,424 bytes free
    .
    - - End Of File - - 14DA8791588392328A31F0A3568DE969
     
  16. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    java

    v26 installed, and v 5 removed. looked in firefox and ie and the proxy was not set in either.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like you to repeat the Eset scan and leave a new log.

    I recommend that you remove the following in Firefox:
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

    The Zynga Toolbar is a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
    =========================================
    Did you remove the 2 outdated Java versions in Firefox> They were v6u16 and v6u22. You don't need to add an extension to Firefox when you update Java.
    ==========================================
    Please give me update whether redirects have been resolved.
     
  18. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    esets

    C:\Qoobox\Quarantine\C\ProgramData\atl32.dll.vir a variant of Win32/Kryptik.QJY trojan
    C:\Qoobox\Quarantine\C\Users\Billie Watspm\AppData\Roaming\Mozilla\Firefox\Profiles\4n2vsu55.default\extensions\{a8e0229b-c08e-41cc-9240-c53e5ce1a5e8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\_OTM\MovedFiles\07152011_210202\C_Program Files (x86)\Audacity 1.3 Beta (Unicode)\AIM6\uninst.exe probably a variant of Win32/StartPage.KFUXYDC trojan
    C:\_OTM\MovedFiles\07152011_210202\C_Windows\System32\atl32.dll probably a variant of Win32/TrojanDownloader.Agent.CQQKFCN trojan
     
  19. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    Update

    Both older versions of java have been removed.

    Google no longer appears to be redirecting.

    With the zynga toolbar, I'm not sure I fully understood. I went into firefox addons and uninstalled that as an add on. was that sufficient? If there are other steps I need to take, please let me know.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Check in Add/Remove Programs and remove the Conduit Engine.That is usually seen when the user has one of the Conduit Toolbars like Zyanga. Also check for Zyanga and uninstall of present. Quite a lot of the Facebook users have complained about Zynga and some say the program has stolen passwords.

    Check the information about who runs Zynga HERE.
    =======================================
    When you have finished with the uninstalls, run this scan to make sure we've stopped all the bad entries. There is no active entries in Eset.
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  21. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    hijack this

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:00:23 AM, on 7/22/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\WinRAR\WinRAR.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0309&m=p-7805u&c=BB
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {013EE055-89EF-4DC1-AE98-F4884ABDEBBf} - C:\Windows\SysWow64\atl32.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe
    O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

    --
    End of file - 11051 bytes
     
  22. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    Conduit Engine

    I could not find anything with the names "conduit engine" or "zynga" in the add/remove program screen.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay on Zynga. I checked back to your installed programs and didn't see the Conduit Engine. My mistake- so far everyone I've seen who has a Conduit toolbar has shown the Conduit Engine installed.

    Please let me know if you're going to finish. Thread will be closed in 1 more day if no reply.
     
  24. meanddee96

    meanddee96 TS Rookie Topic Starter Posts: 16

    follow up

    Thanks so much for all of your help. What a tremendous service! Was there a step I was missing, or do you think things look good to go?
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looking good! Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o]The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [​IMG]
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [​IMG]
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin

    Let me know if you have any more questions.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...