TechSpot

Ran 8 Step Virus Removal Now Need Help With Next Step

By sstookey
Mar 27, 2011
  1. Hello,

    I recently obtained a malware virus (at least that's what I think it is) through a link on Facebook. I tried cleaning it out, but I was still having problems connecting with Firefox; each time it said the proxy server refused the connection.
    I followed the 8 step removal process found on a thread in the forum. Below are my results. The GMER log was blank, not sure if I did something wrong.

    Any help is greatly appreciated!

    MBAM
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6181

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/27/2011 1:00:09 AM
    mbam-log-2011-03-27 (01-00-09).txt

    Scan type: Quick scan
    Objects scanned: 158036
    Time elapsed: 14 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Susie at 14:39:19.71 on Sun 03/27/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.158 [GMT -7:00]
    .
    AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Vongo\VongoService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDA.EXE
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    C:\Program Files\Vongo\Tray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Susie\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uWindow Title = Windows Internet Explorer provided by Comcast
    mStart Page = hxxp://www.comcast.net/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.0.0.127\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.0.0.127\IPSBHO.DLL
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.0.0.127\coIEPlg.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S2DFD.tmp" /EF "HKCU"
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [conhost] c:\users\susie\appdata\roaming\microsoft\conhost.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\susie\appdata\roaming\mozilla\firefox\profiles\5r97sh6l.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53657
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0400000.07f\SymDS.sys [2011-3-26 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0400000.07f\SymEFA.sys [2011-3-26 172592]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20091205.001\BHDrvx86.sys [2011-3-26 529456]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0400000.07f\cchpx86.sys [2011-3-26 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20091105.001\IDSVix86.sys [2011-3-26 343088]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0400000.07f\Ironx86.sys [2011-3-26 116272]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0400000.07f\symtdiv.sys [2011-3-26 340016]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-5-5 616408]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-23 21504]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.0.0.127\ccSvcHst.exe [2011-3-26 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-26 102448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    .
    =============== Created Last 30 ================
    .
    2011-03-27 18:50:07 100480 ----a-w- C:\ugloypod.sys
    2011-03-27 08:06:42 -------- d-----w- c:\users\susie\appdata\local\CrashDumps
    2011-03-27 07:44:24 -------- d-----w- c:\users\susie\appdata\roaming\Malwarebytes
    2011-03-27 07:43:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-27 07:43:44 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-27 07:43:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-27 07:43:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-27 05:18:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-03-27 05:18:17 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2011-03-27 05:18:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-27 05:17:27 -------- d-----w- c:\program files\Symantec
    2011-03-27 05:16:37 43696 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\srtspx.sys
    2011-03-27 05:16:37 340016 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\symtdiv.sys
    2011-03-27 05:16:37 328752 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\SymDS.sys
    2011-03-27 05:16:37 325168 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\srtsp.sys
    2011-03-27 05:16:37 172592 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\SymEFA.sys
    2011-03-27 05:16:37 116272 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\Ironx86.sys
    2011-03-27 05:16:36 501888 ----a-r- c:\windows\system32\drivers\n360\0400000.07f\cchpx86.sys
    2011-03-27 05:15:43 -------- d-----w- c:\windows\system32\drivers\n360\0400000.07F
    2011-03-27 05:15:43 -------- d-----w- c:\windows\system32\drivers\N360
    2011-03-27 05:15:41 -------- d-----w- c:\program files\Norton Security Suite
    2011-03-27 05:14:38 -------- d-----w- c:\program files\NortonInstaller
    2011-03-27 04:54:58 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{32676a7a-a7a8-4774-87a9-357bb6c7e949}\mpengine.dll
    2011-03-26 22:24:02 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-26 22:21:49 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-26 22:21:48 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-26 22:21:48 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-26 22:21:33 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-26 22:21:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-26 22:21:23 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2011-03-26 22:21:23 79872 ----a-w- c:\windows\system32\wecutil.exe
    2011-03-26 22:21:23 56320 ----a-w- c:\windows\system32\wecapi.dll
    2011-03-26 22:21:23 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2011-03-26 22:21:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2011-03-26 22:21:20 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-03-26 22:20:32 201184 ----a-w- c:\windows\system32\winrm.vbs
    2011-03-26 22:20:23 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-03-26 22:20:22 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2011-03-26 22:20:22 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-03-26 22:20:21 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-03-26 22:20:21 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-03-26 22:20:19 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-03-24 03:20:59 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-03-24 03:20:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-03-24 03:20:54 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-24 03:20:54 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-24 03:20:53 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-24 03:20:53 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-24 03:17:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-24 03:17:54 2067968 ----a-w- c:\windows\system32\mstscax.dll
    .
    ==================== Find3M ====================
    .
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    .
    ============= FINISH: 14:42:02.35 ===============
    Attach.text
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/22/2007 7:24:15 PM
    System Uptime: 3/27/2011 2:27:32 PM (0 hours ago)
    .
    Motherboard: Quanta | | 30CF
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 141 GiB total, 58.87 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.804 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AcademicOnline Interactive Mathematics
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Activstudio Flipchart Viewer v3.0.2436
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bonjour
    CA Pest Patrol Realtime Protection
    Choice Guard
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar 3.0
    Conexant HD Audio
    Desktop Doctor
    Epson Easy Photo Print 2
    EPSON NX100 Series Printer Uninstall
    EPSON Scan
    ESU for Microsoft Vista
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.0
    HP Photosmart Essential2.5
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Total Care Advisor
    HP Update
    HP User Guides 0057
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6
    LightScribe 1.6.43.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-US)
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Norton Security Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PSSWCORE
    QuickTime
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Skype™ 4.0
    SmartAudio
    Spelling Dictionaries Support For Adobe Reader 8
    Synaptics Pointing Device Driver
    TomTom HOME 2.7.5.2014
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Vongo
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    .
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot!

    Have a look at this while I check these logs: http://www.techspot.com/vb/topic162959.html

    Reset your browser proxies
    • Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    • Click on the "Network" tab, and then on the "Settings" button.
    • Please make sure that the "No Proxy" option is selected.
    ====================================================
    Then Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
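    The proxy reset above addresses what the DDS log's "FF - prefs.js" lines show: Firefox had been switched to a manual HTTP proxy on 127.0.0.1 port 53657. As an added example (not part of this thread, and not a DDS or TechSpot tool), the Python script below parses lines in the DDS Pseudo HJT / FIREFOX format and flags a manual proxy setting plus Run entries launched from user-writable profile paths; the sample lines are constructed to mirror entries in the log above, and the heuristics are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of DDS "Pseudo HJT Report" / "FIREFOX"
# sections, mirroring entries of the kind quoted in the thread (not the full log).
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [conhost] c:\users\susie\appdata\roaming\microsoft\conhost.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53657
FF - prefs.js: network.proxy.type - 1
"""

# Windows binaries whose names are commonly borrowed by malware; legitimate
# copies live under the Windows directory, never in a user profile.
SYSTEM_NAMES = {"conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                "explorer.exe", "winlogon.exe", "services.exe"}

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
RUN_KEY = re.compile(r"^([um]Run(?:Once)?): \[([^\]]*)\] (.*)$")
# First executable image in a command line, quoted or not (paths may contain spaces).
IMAGE = re.compile(r'^"?([^"]+?\.(?:exe|scr|dll|bat|cmd|vbs|pif))\b', re.I)


@dataclass
class Finding:
    kind: str    # "proxy" or "autorun"
    detail: str  # human-readable reason for review


def parse_ff_prefs(text: str) -> dict:
    """Collect the prefs.js overrides DDS reports for the Firefox profile."""
    return {m.group(1): m.group(2).strip()
            for line in text.splitlines() if (m := FF_PREF.match(line.strip()))}


def check_proxy(prefs: dict) -> list:
    """Flag a manual proxy (network.proxy.type 1). Once the local process that
    served as the proxy is gone, Firefox reports that the proxy server is
    refusing connections; the fix is type 0 ("No Proxy")."""
    if prefs.get("network.proxy.type", "0") != "1":
        return []
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "")
    where = ("loopback (a local process was acting as proxy)"
             if host.startswith("127.") or host == "::1" else "remote host")
    return [Finding("proxy", f"manual HTTP proxy {host}:{port} via {where}; "
                             "reset with network.proxy.type=0 (No Proxy)")]


def image_path(command: str) -> str:
    """Return the executable an autorun entry launches; for rundll32 hosts,
    return the DLL it loads instead."""
    m = IMAGE.match(command.strip())
    if not m:
        return command.strip()
    path = m.group(1)
    if path.rsplit("\\", 1)[-1].lower() == "rundll32.exe":
        m2 = IMAGE.match(command.strip()[m.end():].lstrip(' "'))
        if m2:
            return m2.group(1)
    return path


def check_autoruns(text: str) -> list:
    """Flag Run/RunOnce entries launched from user-writable profile paths
    or using a Windows system binary name outside the Windows directory."""
    findings = []
    for line in text.splitlines():
        m = RUN_KEY.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        path = image_path(command).lower()
        folder, _, base = path.rpartition("\\")
        reasons = []
        if "\\appdata\\" in path or "\\temp\\" in path:
            reasons.append("runs from a user-writable profile directory")
        if base in SYSTEM_NAMES and "\\windows\\" not in folder:
            reasons.append(f"uses system binary name {base} outside Windows dir")
        if reasons:
            findings.append(Finding("autorun",
                                    f"{hive} [{name}] {path}: " + "; ".join(reasons)))
    return findings


def triage(text: str) -> list:
    """Run both checks over a DDS-format excerpt."""
    return check_proxy(parse_ff_prefs(text)) + check_autoruns(text)


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}")
```

    Entries the script flags are candidates for review against a known-good machine, not verdicts; in this thread, Malwarebytes and the helper's instructions, not the heuristic, determined what was removed.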
  3. sstookey

    sstookey TS Rookie Topic Starter

    I did as you suggested for Firefox and it is now working. Below are the results from the virus scan. Thank you VERY much for your help!

    C:\as3_ins\im_web_client\iss2.tar.gz probably a variant of Win32/TrojanDownloader.Banload.DZKPMDV trojan
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    YES!! I needed that! My internet went down again, and it's nice to have something go right. Glad you got FF back! I'm trying to catch up, so go ahead with this:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\as3_ins\im_web_client\iss2.tar.gz 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and will open in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  5. sstookey

    sstookey TS Rookie Topic Starter

    Here are the logs from both scans.
    All processes killed
    ========== FILES ==========
    C:\as3_ins\im_web_client\iss2.tar.gz moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Susie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 50837030 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 31405409 bytes
    ->Flash cache emptied: 1119 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2411958 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33301 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 87241 bytes

    Total Files Cleaned = 81.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03292011_210450

    Files moved on Reboot...
    C:\Windows\temp\sqlite_ct1erCdbrMgAVtn moved successfully.

    Registry entries deleted on Reboot...

    Combofix
    ComboFix 11-03-29.03 - Susie 03/29/2011 21:43:44.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.356 [GMT -7:00]
    Running from: c:\users\Susie\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system\CW3215.DLL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-30 04:58 . 2011-03-30 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 04:34 . 2011-03-30 04:34 -------- d-----w- c:\users\Susie\AppData\Roaming\Tific
    2011-03-30 04:04 . 2011-03-30 04:04 -------- d-----w- C:\_OTM
    2011-03-28 00:17 . 2011-03-28 00:17 -------- d-----w- c:\program files\ESET
    2011-03-27 22:18 . 2011-03-27 22:18 -------- d-----w- c:\users\Susie\Office Genuine Advantage
    2011-03-27 18:50 . 2011-03-27 18:50 100480 ----a-w- C:\ugloypod.sys
    2011-03-27 08:06 . 2011-03-27 19:41 -------- d-----w- c:\users\Susie\AppData\Local\CrashDumps
    2011-03-27 07:44 . 2011-03-27 07:44 -------- d-----w- c:\users\Susie\AppData\Roaming\Malwarebytes
    2011-03-27 07:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-27 07:43 . 2011-03-27 07:43 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-27 07:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-27 07:43 . 2011-03-27 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-27 05:18 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-03-27 05:18 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2011-03-27 05:18 . 2011-03-27 05:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-27 05:17 . 2011-03-27 05:18 -------- d-----w- c:\program files\Symantec
    2011-03-27 05:15 . 2011-03-30 01:54 -------- d-----w- c:\windows\system32\drivers\N360
    2011-03-27 05:15 . 2011-03-27 05:15 -------- d-----w- c:\program files\Norton Security Suite
    2011-03-27 05:14 . 2011-03-27 05:14 -------- d-----w- c:\program files\NortonInstaller
    2011-03-27 04:54 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32676A7A-A7A8-4774-87A9-357BB6C7E949}\mpengine.dll
    2011-03-26 22:24 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-26 22:21 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-26 22:21 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-26 22:21 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-26 22:21 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-26 22:21 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-26 22:21 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
    2011-03-26 22:21 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2011-03-26 22:21 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2011-03-26 22:21 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
    2011-03-26 22:21 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2011-03-26 22:21 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-03-26 22:20 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
    2011-03-26 22:20 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-03-26 22:20 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-03-26 22:20 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2011-03-26 22:20 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-03-26 22:20 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-03-26 22:20 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-03-24 03:20 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-03-24 03:20 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-03-24 03:20 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-24 03:20 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-24 03:20 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-24 03:20 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-24 03:17 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-24 03:17 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 01:11 . 2010-08-29 21:59 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-18 17:53 . 2011-03-27 06:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-28 24103720]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-8-4 53248]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-03-10 800376]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSvix86.sys [2011-03-14 353912]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-05-05 616408]
    S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-27 102448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{561C2A8C-0849-49F7-9DCD-52AE82D74E53}.job
    - c:\windows\system32\msfeedssync.exe [2011-03-24 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\5r97sh6l.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 53657
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-conhost - c:\users\Susie\AppData\Roaming\Microsoft\conhost.exe
    HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-29 21:58
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-03-29 22:05:20
    ComboFix-quarantined-files.txt 2011-03-30 05:05
    .
    Pre-Run: 67,638,665,216 bytes free
    Post-Run: 67,755,507,712 bytes free
    .
    - - End Of File - - 104699687EBD91ED79B96D3FF03BF71A
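The ComboFix log above reports Firefox's prefs.js carrying `network.proxy.http = 127.0.0.1` on port 53657 with `network.proxy.type = 0`, which matches the "proxy server refused connection" symptom from the first post. The following is an added example (not part of this thread or of ComboFix) that parses a prefs.js and flags proxy entries pointing at the loopback address; the sample prefs.js content is constructed to mirror the logged values, and the meaning of `network.proxy.type` follows Firefox's documented values.

```python
import ipaddress
import re

# Constructed sample of a Firefox prefs.js. The three proxy lines mirror the
# values ComboFix reported for this profile; the other lines are hypothetical.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.comcast.net/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 53657);
user_pref("network.proxy.type", 0);
"""

# Firefox network.proxy.type values: 0 = direct (no proxy), 1 = manual,
# 2 = PAC URL, 4 = auto-detect, 5 = use system settings (the default).
PROXY_TYPE_NAMES = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict; values become str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and malformed lines are skipped
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def _is_loopback(host):
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_findings(prefs):
    """Return a list of human-readable findings about loopback proxy settings."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    mode = PROXY_TYPE_NAMES.get(ptype, "unknown")
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get("network.proxy.%s" % scheme)
        port = prefs.get("network.proxy.%s_port" % scheme)
        if not host or not _is_loopback(host):
            continue
        # With type 1 Firefox actually sends traffic through the proxy; with
        # any other type the entry is leftover configuration and is ignored.
        state = "active" if ptype == 1 else "configured but inactive (mode: %s)" % mode
        findings.append("%s proxy points at loopback %s:%s, %s" % (scheme, host, port, state))
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

For the logged profile the result is a single "configured but inactive" finding, meaning the loopback proxy is no longer in use but the entry is still present and worth clearing.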
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Note: When you first signed up with Comcast in 2008, it's standard procedure for Comcast technicians to install software on your computer when they set up your Internet connection. However, you don't need to run any Comcast software to connect to the Internet. You have good security running and don't need these processes. Frequently, users don't even realize they are on the system and add their own security. This redundancy is a possible cause for conflict as well as an unneeded process for malware to hide behind.

    I'd also like to make you aware that you are loading the processes for CA Pest Patrol on boot and it is running in Real Time. I would be concerned about possible conflict with your Norton security and recommend that this too be uninstalled.

    With your permission, I'd like to guide you into an uninstall of the entries and remove the processes I see in the log. Many times, malware isn't always the answer to a system not running well, so this is not meant to take the place of the cleaning, but rather to improve the system performance and avoid possible conflicts.


    Are you in agreement with that?
  7. sstookey

    sstookey TS Rookie Topic Starter

    Thank you again for all of your help! I would be fine with uninstalling what you mentioned to help my computer run more efficiently. Thank you for your input.

    Susie
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome Susie- I'm shutting down due to a storm. Will set up tomorrow AM.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Well Susie, if you live in the US, you might have read that the 'storm' I closed down for was a massive front, with high winds, pelting rain and tornadoes. Have you heard the old saying "The hurrier I go, the behinder I get?!" So please forgive me for the delay.

    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\users\Susie\AppData\Local\CrashDumps
    c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe 
    c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe 
    c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.ex
    FileLook::
    C:\ugloypod.sys
    
    DDS::
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [<NO NAME>] 
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: H - No File
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ComcastAntispyClient"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ddoctorv2"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    Driver::
    AntiSpywareService
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    How to Remove Comcast Spamware
    1. Click "Start"> "Settings"> "Control Panel."
    2. Double-click "Add/Remove Programs"
    3. Select Desktop Doctor> click "Remove"> If confirmation prompt> click "Yes."
    4. Scroll down to Service Agent> Click Remove - do the same for any other programs installed by Comcast, including redundant anti-virus software.
    5. Bring up the "Run" command from the Windows Start menu. In the box labeled "Open," type Rundll32 iedkcs32.dll,Clear (note the space after the 2 before ie)
    6. Click Tools in IE> Go to Internet Options> Programs tab > Manage Add-ons
    7. Look for Comcast-branded browser add-ons called "ComcastHSI" and "Support." Click to highlight> click Disable for each.
    Source: eHow.
    ==================================
    Please let me know how the system is doing.