TechSpot

Think Point and other issues

By BrianB
Nov 8, 2010
  1. Hi all,

    A few months ago I uninstalled Norton AV and Internet security in favor of MS Security Essentials. Last week I was hit with the Think Point trojan horse. Not sure anyone here has heard of that one yet. I followed instructions I found online and it looks like I got rid of it. But I put Norton back on and it keeps telling me it is blocking attacks from IKATURL11.com and 96b6b96b.com. PC is running slow and locks up a lot. I'm wondering if Think Point is not gone or if I've had something for a while and now that I put Norton back on it's detecting it. I can say I've gone in the basement in the middle of the night and heard this PC running loud and hard like NASA is using it to launch space shuttles. Something isn't right. I need help and I hope someone here can lend a hand.

    Thanks
     
  2. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Oops sorry I see I should have pasted a log here. I am in a rush as I'm at work so I didn't see that till now. Sorry. I will work on that.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Slow down please and do it right:


    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  4. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Will do. When I get home tonight I'll post logs. Reading through the 8 step process right now. Sorry
     
  5. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    I ran Norton AV and removed 26 low threat tracking cookies.
    I ran TFC and it removed countless Temp Files.
    (I am now getting Error Loading C:/windows/WIFCIA.DLL when I reboot. I press OK to get past it. That's a new one though.)

    Updated and ran Malwarebytes and here is log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5085

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/9/2010 7:33:44 PM
    mbam-log-2010-11-09 (19-33-44).txt

    Scan type: Quick scan
    Objects scanned: 154191
    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Now I shall run GMER.
     
  6. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    I forgot to mention that I found hotfix.exe in C:/windows/microsoft.net framework/v1.1.4322/updates and deleted it also.

    Here is the Gmer log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-09 20:06:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD800JD-75JNC0 rev.06.01C06
    Running: nnm4slrz.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\pxtdipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8AAB60B0 ZwAlertResumeThread
    SSDT 8AAB6B28 ZwAlertThread
    SSDT 8AAB7A70 ZwAllocateVirtualMemory
    SSDT 8A8BB108 ZwAssignProcessToJobObject
    SSDT 8AB0FF38 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BB7C210]
    SSDT 8A8FD008 ZwCreateMutant
    SSDT 8A95AC18 ZwCreateSymbolicLinkObject
    SSDT 8AC3DCF0 ZwCreateThread
    SSDT 8AE024F8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9BB7C490]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9BB7C9F0]
    SSDT 8AAE92A8 ZwDuplicateObject
    SSDT 8AAA8800 ZwFreeVirtualMemory
    SSDT 8AAB4BA0 ZwImpersonateAnonymousToken
    SSDT 8AAB5810 ZwImpersonateThread
    SSDT 8AC54768 ZwLoadDriver
    SSDT 8AC89008 ZwMapViewOfSection
    SSDT 8AAB4988 ZwOpenEvent
    SSDT 8A8EB1D0 ZwOpenProcess
    SSDT 8AAB90F8 ZwOpenProcessToken
    SSDT 8AAB40E0 ZwOpenSection
    SSDT 8AAF6188 ZwOpenThread
    SSDT 8A9665C8 ZwProtectVirtualMemory
    SSDT 8AAB6DB8 ZwResumeThread
    SSDT 8AAB7298 ZwSetContextThread
    SSDT 8AA93798 ZwSetInformationProcess
    SSDT 8AAB3E98 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9BB7CC40]
    SSDT 8AAB4468 ZwSuspendProcess
    SSDT 8AAB6FD0 ZwSuspendThread
    SSDT 8AAB9130 ZwTerminateProcess
    SSDT 8AAB7120 ZwTerminateThread
    SSDT 8AAB8358 ZwUnmapViewOfSection
    SSDT 8AAB39D8 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
    .text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
    .text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 018E000A
    .text C:\WINDOWS\System32\svchost.exe[1056] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D8000A
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6000A
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C7000A
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012C3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012C3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012C3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012C39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid\Vid.exe[1016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [05423880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid\Vid.exe[1016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [05423930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid\Vid.exe[1016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [05423A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid\Vid.exe[1016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [054239D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AE9E292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8AE9E292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AE9E292

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-75JNC0______________________06.01C06#5&2a36c317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}@WHRUBFTNUT3JMXQXKMKSXOBADA1 0x01 0x00 0x01 0x00 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 156249744 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
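    The GMER log above mixes expected entries (the SSDT hooks attributed to SYMEVENT.SYS belong to the Norton product the poster reinstalled) with the one line that actually matters for triage: the MBR sector flagged as TDL4. The following helper is an added example, not code from the thread or from GMER, that scores GMER log lines by the line shapes visible in the posted scan: SSDT entries with and without an owning module, inline `JMP` patches in user code sections, missing-file entries, and disk-sector findings. The severity scheme and the sample log embedded in it are constructed for illustration; the sample is modelled on the posted scan but shortened.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not GMER code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the line shapes of the posted GMER scan.
SAMPLE_LOG = """\
---- System - GMER 1.0.15 ----

SSDT 8AAB60B0 ZwAlertResumeThread
SSDT \\??\\C:\\WINDOWS\\system32\\Drivers\\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BB7C210]
SSDT 8AC54768 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\\WINDOWS\\System32\\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\\WINDOWS\\Explorer.EXE[1604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C7000A

---- Disk sectors - GMER 1.0.15 ----

Disk \\Device\\Harddisk0\\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \\Device\\Harddisk0\\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
"""

# One regex per line shape we care about; anything else is ignored.
SSDT_RAW = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
SSDT_MOD = re.compile(r"^SSDT\s+(\S+)\s+\((.+?)/(.+?)\)\s+(\w+)\s+\[0x([0-9A-F]+)\]$")
INLINE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\w+)\s+([0-9A-F]{8})\s+(\d+)\s+Bytes\s+JMP\s+([0-9A-F]{8})$")
DISK = re.compile(r"^Disk\s+(\S+)\s+sectors?\s+(\d+)(?:\s+\(\+\d+\))?(?:\s+\((MBR)\))?:\s*(.*)$")
MISSING = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!$")

# Assumed severity ladder, lowest to highest.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]


@dataclass(frozen=True)
class Finding:
    kind: str
    severity: str
    detail: str


def classify_line(line: str) -> Optional[Finding]:
    """Map one GMER log line to a Finding, or None if it is not a triage line."""
    line = line.strip()
    if m := SSDT_MOD.match(line):
        path, _desc, vendor, func, _addr = m.groups()
        # A hook attributed to a named vendor driver is usually a security product.
        return Finding("ssdt_hook", "info", f"{func} hooked by {path} ({vendor})")
    if m := SSDT_RAW.match(line):
        addr, func = m.groups()
        # GMER could not resolve an owning module: worth a look, not proof of malice.
        return Finding("ssdt_hook", "low", f"{func} hooked at {addr}, no owning module resolved")
    if m := INLINE.match(line):
        proc, pid, mod, func, _at, nbytes, target = m.groups()
        # Inline patches in ntdll of system processes: legitimate injectors do this too.
        return Finding("inline_hook", "medium",
                       f"{mod}!{func} in {proc}[{pid}] patched ({nbytes} bytes) -> JMP {target}")
    if m := DISK.match(line):
        dev, sector, mbr, note = m.groups()
        # GMER's explicit "<-- ROOTKIT" marker or a modified MBR is the strongest signal.
        sev = "critical" if mbr or "<-- ROOTKIT" in note else "high"
        where = "MBR" if mbr else f"sector {sector}"
        return Finding("disk_sector", sev, f"{dev} {where}: {note}")
    if m := MISSING.match(line):
        name, msg = m.groups()
        return Finding("missing_file", "info", f"{name}: {msg}")
    return None


def triage_gmer(text: str) -> List[Finding]:
    """Return every classifiable finding in a GMER log, in file order."""
    return [f for line in text.splitlines() if (f := classify_line(line))]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


def verdict(findings: List[Finding]) -> str:
    """Highest severity present, or 'clean' when nothing was flagged."""
    if not findings:
        return "clean"
    return max(findings, key=lambda f: SEVERITY_ORDER.index(f.severity)).severity


if __name__ == "__main__":
    found = triage_gmer(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: -SEVERITY_ORDER.index(f.severity)):
        print(f"[{f.severity:8}] {f.kind}: {f.detail}")
    print("summary:", summarize(found), "verdict:", verdict(found))
```

Run against the constructed sample, the helper reports the MBR line as critical, the second sector line as high, the two ntdll patches as medium, and the SYMEVENT.SYS entry as informational, which is the reading a helper would want before deciding on an MBR-capable cleaner rather than another quick scan.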
     
  7. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Here is the "Attach" Log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-09.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/14/2006 4:13:44 PM
    System Uptime: 11/9/2010 7:39:17 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0G8310
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 9.707 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1272: 8/25/2010 9:19:22 PM - Software Distribution Service 3.0
    RP1273: 8/26/2010 9:19:10 PM - Software Distribution Service 3.0
    RP1274: 8/27/2010 10:15:42 PM - System Checkpoint
    RP1275: 8/28/2010 11:12:58 PM - System Checkpoint
    RP1276: 8/29/2010 1:56:11 AM - Software Distribution Service 3.0
    RP1277: 8/30/2010 2:32:10 AM - System Checkpoint
    RP1278: 8/30/2010 6:34:46 AM - Software Distribution Service 3.0
    RP1279: 8/31/2010 6:34:44 AM - Software Distribution Service 3.0
    RP1280: 9/1/2010 7:32:10 AM - System Checkpoint
    RP1281: 9/2/2010 6:34:48 AM - Software Distribution Service 3.0
    RP1282: 9/3/2010 6:34:44 AM - Software Distribution Service 3.0
    RP1283: 9/4/2010 7:32:10 AM - System Checkpoint
    RP1284: 9/5/2010 2:06:31 AM - Software Distribution Service 3.0
    RP1285: 9/5/2010 3:00:21 AM - Software Distribution Service 3.0
    RP1286: 9/6/2010 3:32:21 AM - System Checkpoint
    RP1287: 9/6/2010 6:34:33 AM - Software Distribution Service 3.0
    RP1288: 9/7/2010 6:35:02 AM - Software Distribution Service 3.0
    RP1289: 9/8/2010 6:35:01 AM - Software Distribution Service 3.0
    RP1290: 9/9/2010 6:34:52 AM - Software Distribution Service 3.0
    RP1291: 9/10/2010 6:34:49 AM - Software Distribution Service 3.0
    RP1292: 9/11/2010 6:34:31 AM - Software Distribution Service 3.0
    RP1293: 9/12/2010 2:05:49 AM - Software Distribution Service 3.0
    RP1294: 9/13/2010 2:32:20 AM - System Checkpoint
    RP1295: 9/13/2010 6:34:32 AM - Software Distribution Service 3.0
    RP1296: 9/14/2010 6:35:00 AM - Software Distribution Service 3.0
    RP1297: 9/15/2010 6:34:32 AM - Software Distribution Service 3.0
    RP1298: 9/16/2010 6:35:01 AM - Software Distribution Service 3.0
    RP1299: 9/16/2010 8:50:41 AM - Software Distribution Service 3.0
    RP1300: 9/17/2010 9:21:59 AM - System Checkpoint
    RP1301: 9/17/2010 10:10:17 AM - Software Distribution Service 3.0
    RP1302: 9/18/2010 10:10:10 AM - Software Distribution Service 3.0
    RP1303: 9/19/2010 2:28:46 AM - Software Distribution Service 3.0
    RP1304: 9/20/2010 2:30:55 AM - System Checkpoint
    RP1305: 9/20/2010 6:34:02 AM - Software Distribution Service 3.0
    RP1306: 9/21/2010 6:34:03 AM - Software Distribution Service 3.0
    RP1307: 9/22/2010 6:34:20 AM - Software Distribution Service 3.0
    RP1308: 9/23/2010 7:30:54 AM - System Checkpoint
    RP1309: 9/24/2010 7:41:29 AM - System Checkpoint
    RP1310: 9/24/2010 8:44:50 PM - Software Distribution Service 3.0
    RP1311: 9/25/2010 9:15:53 PM - System Checkpoint
    RP1312: 9/26/2010 2:14:05 AM - Software Distribution Service 3.0
    RP1313: 9/26/2010 2:19:35 PM - Software Distribution Service 3.0
    RP1314: 9/27/2010 2:18:48 PM - Software Distribution Service 3.0
    RP1315: 9/28/2010 2:19:05 PM - Software Distribution Service 3.0
    RP1316: 9/29/2010 2:19:06 PM - Software Distribution Service 3.0
    RP1317: 9/30/2010 2:19:09 PM - Software Distribution Service 3.0
    RP1318: 9/30/2010 7:10:24 PM - Software Distribution Service 3.0
    RP1319: 10/1/2010 8:04:03 PM - System Checkpoint
    RP1320: 10/2/2010 5:06:53 AM - Software Distribution Service 3.0
    RP1321: 10/3/2010 1:52:24 AM - Software Distribution Service 3.0
    RP1322: 10/4/2010 2:07:28 AM - System Checkpoint
    RP1323: 10/4/2010 9:09:56 AM - Software Distribution Service 3.0
    RP1324: 10/5/2010 9:10:00 AM - Software Distribution Service 3.0
    RP1325: 10/6/2010 9:10:00 AM - Software Distribution Service 3.0
    RP1326: 10/7/2010 9:10:21 AM - Software Distribution Service 3.0
    RP1327: 10/7/2010 9:14:05 PM - Software Distribution Service 3.0
    RP1328: 10/8/2010 7:30:47 PM - Software Distribution Service 3.0
    RP1329: 10/9/2010 8:09:24 PM - System Checkpoint
    RP1330: 10/10/2010 2:17:27 AM - Software Distribution Service 3.0
    RP1331: 10/11/2010 3:10:51 AM - System Checkpoint
    RP1332: 10/11/2010 7:12:39 AM - Software Distribution Service 3.0
    RP1333: 10/12/2010 7:13:17 AM - Software Distribution Service 3.0
    RP1334: 10/13/2010 7:13:34 AM - Software Distribution Service 3.0
    RP1335: 10/14/2010 7:13:32 AM - Software Distribution Service 3.0
    RP1336: 10/15/2010 7:12:40 AM - Software Distribution Service 3.0
    RP1337: 10/16/2010 7:12:56 AM - Software Distribution Service 3.0
    RP1338: 10/17/2010 1:47:57 AM - Software Distribution Service 3.0
    RP1339: 10/17/2010 3:00:33 AM - Software Distribution Service 3.0
    RP1340: 10/18/2010 3:33:50 AM - System Checkpoint
    RP1341: 10/18/2010 2:36:02 PM - Software Distribution Service 3.0
    RP1342: 10/19/2010 3:02:50 PM - System Checkpoint
    RP1343: 10/19/2010 11:05:12 PM - Software Distribution Service 3.0
    RP1344: 10/20/2010 11:05:01 PM - Software Distribution Service 3.0
    RP1345: 10/21/2010 11:04:26 PM - Software Distribution Service 3.0
    RP1346: 10/22/2010 11:04:44 PM - Software Distribution Service 3.0
    RP1347: 10/23/2010 11:05:14 PM - Software Distribution Service 3.0
    RP1348: 10/24/2010 2:18:26 AM - Software Distribution Service 3.0
    RP1349: 10/24/2010 11:05:12 PM - Software Distribution Service 3.0
    RP1350: 10/25/2010 11:05:16 PM - Software Distribution Service 3.0
    RP1351: 10/26/2010 11:05:02 PM - Software Distribution Service 3.0
    RP1352: 10/27/2010 11:04:58 PM - Software Distribution Service 3.0
    RP1353: 10/28/2010 11:05:25 PM - Software Distribution Service 3.0
    RP1354: 10/29/2010 11:05:21 PM - Software Distribution Service 3.0
    RP1355: 10/30/2010 11:05:10 PM - Software Distribution Service 3.0
    RP1356: 10/31/2010 2:18:35 AM - Software Distribution Service 3.0
    RP1357: 10/31/2010 11:05:27 PM - Software Distribution Service 3.0
    RP1358: 11/1/2010 11:05:30 PM - Software Distribution Service 3.0
    RP1359: 11/2/2010 9:46:23 AM - Installed Java(TM) 6 Update 22
    RP1360: 11/2/2010 3:14:03 PM - Installed iTunes
    RP1361: 11/3/2010 2:53:08 PM - Software Distribution Service 3.0
    RP1362: 11/4/2010 2:53:08 PM - Software Distribution Service 3.0
    RP1363: 11/4/2010 7:56:26 PM - Removed Xtranormal State - Showpak-Playgoz-Preview
    RP1364: 11/4/2010 7:56:57 PM - Removed Xtranormal State - SoundPack-Starter Kit
    RP1365: 11/4/2010 7:57:13 PM - Removed Xtranormal State - Voicepack-English-UK-Daniel
    RP1366: 11/4/2010 7:57:26 PM - Removed Xtranormal State - Voicepack-English-UK-Serena
    RP1367: 11/4/2010 7:57:42 PM - Removed Xtranormal State - Voicepack-English-US-Samantha
    RP1368: 11/4/2010 7:57:56 PM - Removed Xtranormal State - Voicepack-English-US-Tom
    RP1369: 11/4/2010 7:58:32 PM - Removed Xtranormal State
    RP1370: 11/5/2010 9:21:29 PM - System Checkpoint
    RP1371: 11/5/2010 10:34:54 PM - Spyware Doctor: Cleaning Threats
    RP1372: 11/7/2010 5:54:14 PM - System Checkpoint

    ==== Installed Programs ======================


    3ivx MPEG-4 5.0.3 (remove only)
    Adobe Acrobat 4.0
    Adobe ActiveShare 1.2
    Adobe Flash Player 10 ActiveX
    Adobe PhotoDeluxe Home Edition 4.0
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.8
    Adobe Shockwave Player 11.5
    Ahead InCD EasyWrite Reader
    AOL Coach Version 1.0(Build:20030807.3)
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bing Bar Platform
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    Broadcom Advanced Control Suite 2
    CameraHelperMsi
    Canon MF Drivers
    Canon MF Toolbox 4.7.0.0.mf04
    CoffeeCup HTML Editor 2008
    Conexant D850 56K V.9x DFVc Modem
    Confidence Online(tm) for Web Applications
    Creative Broadband Blaster DSL Ethernet/USB 8012U
    Critical Update for Windows Media Player 11 (KB959772)
    Destiny Media Player
    Digital Line Detect
    Drivers Install For Linksys Easylink Advisor
    erLT
    FlipShare
    GearDrvs
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp photosmart 7900 series
    Intel(R) Graphics Media Accelerator Driver
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Juniper Terminal Services Client
    Kazoo Player
    Learn2 Player (Uninstall Only)
    Linksys EasyLink Advisor 1.6 (0032)
    LiveUpdate Notice (Symantec Corporation)
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    MAGIX Media Manager 2004 silver
    MAGIX music maker 10 deLuxe
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser
    Modem Helper
    Move Networks Media Player for Internet Explorer
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Media Player
    Nero OEM
    NeroVision Express 2
    NetWaiting
    Norton 360
    OGA Notifier 2.0.0048.0
    Palm
    Photosmart 140,240,7200,7600,7700,7900 Series
    PowerDVD 5.1
    QuickTime
    RealPlayer Basic
    Rosetta Stone V3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 4.2
    Smart Menus (Windows Live Toolbar)
    Sony Picture Utility
    Sony USB Driver
    Stardust Screen Saver Control 2.1.60
    Stardust Screen Saver QuickStart 2.1
    StuffIt 11
    Text-To-Speech-Runtime
    The Adirondacks - Wild Island of Hope Screen Saver
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon High Speed Internet
    Viewpoint Media Player
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live installer
    Windows Live Photo Gallery
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WMV Converter 2.5

    ==== Event Viewer Messages From Past Week ========

    11/9/2010 6:40:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
    11/8/2010 7:09:14 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    11/8/2010 6:01:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/7/2010 7:27:01 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    11/7/2010 7:27:01 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll. Reference error message: The operation completed successfully. .
    11/7/2010 7:27:01 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    11/7/2010 4:53:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00123F3E0BCE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/6/2010 9:12:13 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    11/6/2010 9:07:11 AM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    11/6/2010 9:07:11 AM, error: Service Control Manager [7000] - The Symantec Real Time Storage Protection service failed to start due to the following error: Cannot create a file when that file already exists.
    11/6/2010 9:07:01 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    11/6/2010 9:06:30 AM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
    11/6/2010 8:28:29 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    11/6/2010 6:30:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/6/2010 6:00:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/6/2010 5:45:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/6/2010 12:38:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    11/6/2010 12:38:27 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2010 6:52:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
    11/5/2010 6:52:01 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/5/2010 6:45:53 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: Access is denied.
    11/5/2010 6:43:58 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/5/2010 6:19:59 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    11/5/2010 5:14:20 AM, error: Service Control Manager [7034] - The Google Update Service (gupdate1c9f44852430e5e) service terminated unexpectedly. It has done this 1 time(s).
    11/5/2010 5:10:56 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/5/2010 5:10:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    11/5/2010 5:08:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/5/2010 4:51:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    11/4/2010 8:21:42 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    11/4/2010 7:43:16 PM, error: Microsoft Antimalware [2001] -
    11/4/2010 6:53:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    11/4/2010 6:53:04 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/4/2010 6:32:11 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
    11/4/2010 11:50:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/4/2010 11:37:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    11/4/2010 11:29:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
    11/4/2010 10:16:21 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp photosmart 7900 series share name Printer2.
    11/4/2010 10:11:44 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    11/2/2010 2:56:53 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
    11/2/2010 2:56:53 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
    11/2/2010 2:56:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
    11/2/2010 2:56:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
    11/2/2010 2:56:53 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
    11/2/2010 2:56:53 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
    11/2/2010 2:47:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  8. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Here is the "DDS" Log:

    DDS (Ver_10-11-09.01) - NTFSx86
    Run by Brian at 20:15:01.03 on Tue 11/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2336 [GMT -5:00]

    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Creative\8xxx\bbui.exe
    C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Vid\Vid.exe
    svchost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\FSScrCtl.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Brian\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.optimum.net/Home
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
    uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
    uRun: [Dsepaxeyuvasaxo] rundll32.exe "c:\windows\WIFCIA.dll",Startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [bbui] c:\program files\creative\8xxx\bbui.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [HostManager] c:\program files\common files\aol\1187566823\ee\AOLSoftware.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1363.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Ccuwixiwuhuqe] rundll32.exe "c:\windows\ucicuraqilaquvac.dll",Startup
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\brian\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\screen~1.lnk - c:\windows\FSScrCtl.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: db.com
    Trusted Zone: line6.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://dbrasweb-ny1.us.db.com/llclient/dbrasweb/winxp/,DanaInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://dbrasweb-ny1.us.db.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-6 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-6 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-10-29 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-6 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-6 116784]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-11-6 126392]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-15 1245064]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-6 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101104.004\IDSXpx86.sys [2010-10-19 341880]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101108.002\NAVENG.SYS [2010-11-8 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101108.002\NAVEX15.SYS [2010-11-8 1371184]
    S2 gupdate1c9f44852430e5e;Google Update Service (gupdate1c9f44852430e5e);c:\program files\google\update\GoogleUpdate.exe [2009-6-23 133104]
    S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]
    S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\l6tporta.sys --> c:\windows\system32\drivers\L6TPortA.sys [?]
    S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\windows\system32\drivers\vvbeth.sys [2006-7-15 15878]
    S3 vvbususb;Broadband Blaster 8012U USB;c:\windows\system32\drivers\vvbususb.sys [2006-7-15 51448]

    =============== Created Last 30 ================

    2010-11-06 16:58:12 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
    2010-11-06 16:58:12 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
    2010-11-06 16:58:12 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
    2010-11-06 16:58:12 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
    2010-11-06 16:58:11 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
    2010-11-06 16:58:11 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
    2010-11-06 16:58:11 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
    2010-11-06 16:58:11 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
    2010-11-06 16:57:39 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
    2010-11-06 13:10:47 -------- d-----w- c:\docume~1\brian\applic~1\Tific
    2010-11-06 13:10:44 -------- d-----w- c:\docume~1\brian\locals~1\applic~1\Symantec
    2010-11-06 12:50:30 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-06 12:50:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-06 12:50:29 -------- d-----w- c:\program files\Symantec
    2010-11-06 12:49:36 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-06 12:49:34 -------- d-----w- c:\program files\Norton 360
    2010-11-06 12:49:20 -------- d-----w- c:\program files\NortonInstaller
    2010-11-06 12:49:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-11-05 09:10:17 -------- d-----w- c:\docume~1\brian\applic~1\Malwarebytes
    2010-11-05 03:51:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-05 03:51:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-05 03:51:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-05 03:51:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-05 02:06:21 0 ----a-w- c:\windows\Fnapaqabezaxeqe.bin
    2010-11-05 02:06:08 -------- d-----w- c:\docume~1\brian\locals~1\applic~1\{47DD742D-9082-404F-A2C0-3FC337893A22}
    2010-11-02 19:14:32 -------- d-----w- c:\program files\iTunes
    2010-11-02 19:14:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-11-02 19:13:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-11-02 19:11:16 -------- d-----w- c:\docume~1\brian\locals~1\applic~1\Apple
    2010-11-02 19:10:22 -------- d-----w- c:\program files\Bonjour
    2010-11-02 13:47:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 13:40:39 -------- d-----w- c:\windows\system32\Adobe
    2010-11-02 11:39:23 -------- d-----w- c:\docume~1\brian\applic~1\Acapela Group
    2010-11-02 11:38:52 -------- d-----w- c:\docume~1\brian\locals~1\applic~1\Xtranormal
    2010-11-02 11:35:12 -------- d-----w- c:\program files\Xtranormal
    2010-11-02 11:34:13 -------- d-----w- c:\docume~1\brian\applic~1\Xtranormal
    2010-10-29 23:03:56 -------- d-----w- c:\program files\PS3 Media Server
    2010-10-12 23:44:36 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-12 23:44:35 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-12 23:44:35 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-12 23:44:27 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2007-05-09 21:31:12 15788024 ----a-w- c:\program files\StuffIt11.0.0.34.exe
    2006-11-30 15:03:31 16508560 ----a-w- c:\program files\jre-1_5_0_09-windows-i586-p-s.exe
    2006-11-28 15:56:27 14879120 ----a-w- c:\program files\GoogleEarthWin.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JD-75JNC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE9E446]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aea4504]; MOV EAX, [0x8aea4580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8AEE9AB8]
    3 CLASSPNP[0xBA168FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8AED5520]
    \Driver\atapi[0x8AED78C8] -> IRP_MJ_CREATE -> 0x8AE9E446
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-75JNC0______________________06.01C06#5&2a36c317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8AE9E292
    user != kernel MBR !!!
    sectors 156249998 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 20:16:23.00 ===============
     
  9. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Ok so I believe I've run all the logs required. Any help is greatly appreciated. I can say my system is very slow and I frequently need to do hard boots as I get frozen often now.
     
  10. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Soon after I posted the above logs my PC froze once again. I powered off and on as I was trying to see if anyone replied with answers.

    I believe my hard drive is completely gone now.

    I get a blue screen with the following:

    Stop: C000021a {Fatal System Error}
    The windows logon process system process terminated unexpectedly with a status
    of 0xc0000005 (0x00000000 0x00000000)
    The system has been shut down

    I get this when I try booting in safe mode and last best config mode.

    HELP!! I've got some real precious stuff on this drive.
     
  11. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Am I supposed to start a new thread or something? Hate to have to repaste everything.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm really sorry you're so impatient after just a few hours. And I'm really sorry you didn't back up all that 'precious stuff' before you started to have problems! Because if your hard drive is gone, so is that 'precious stuff'!

    IF you care to go on, please take into consideration that many other members have problems also. The day is only 24 hours long, except for last Sunday, which was 25: an extra hour to volunteer services here to help members!

    Let me know what you want to do.
     
  13. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    It might have looked like I was impatient, but it was simply a serious question as to whether I need to start a new thread to be considered for help. I was seeing many other people get replied to and thought my thread might have been written off as I started out wrong by not including logs and broke protocol. When you get to it, you get to it. I do appreciate the help and await my turn.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You may see a reply to another member while you are still waiting. Sometimes we stop by to get them started on the scans, sometimes it's a thread in progress that needs another scan. We are all volunteers here and considering some of the malware infections we deal with, I think we do a magnificent job! We don't 'punish' people for 'breaking protocol', whatever that is. We try to get to everyone as quickly as possible. If you compare us to other forums, you will see how fast we really are.
    ============================================
    Here is my protocol for Think Point:
    ThinkPoint is a rogue anti-spyware program that comes bundled with the fake Microsoft Security Essentials Alert. It will block Task Manager, Registry Editor and other tools too, claiming that these tools were blocked for security reasons and might be infected with malicious code.

    The malware authors try to mimic legitimate programs in looks and in what the action will be; that's why so many users get drawn into these programs. The main entry we see is hotfix.exe, so we will stop it:
    1. Boot into Safe Mode
      • Restart your computer and start pressing the F8 key on your keyboard.
      • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    2. End Task
      Click on Start> Run> type in taskmgr> OK.
      Double click on the frame at the top of the Processes column to sort
      Find hotfix.exe and click to Highlight
      Click on End Task
    3. Unhide
      Click on Start> Search> All Files and Folders
      Go up to Tools> Folder Options
      Click on the View tab
      Check 'Show hidden files and folders'
      Uncheck 'Hide protected operating system files (Recommended)'
      Click on OK> Apply> OK
    4. Search
      Go to Search> 'all or part of the name'
      Type in hotfix.exe
      (It should be found in this folder: C:\Documents and Settings\User\Application Data\hotfix.exe)
      Do a right click> Delete on the file
    5. Rehide the files and folders.
    Close
    ===============================================
    Reboot the computer back into Normal Mode
    ==============================================
    I also have to remove a registry entry:

    Please download ComboFix from Here and save to your Desktop.

      [1]. Do NOT rename Combofix unless instructed.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
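The helper's procedure above, and the Gmer MBR output in post #8, are worked by eye: a name like Dsepaxeyuvasaxo pointing at a DLL dropped in the Windows root, two dozen At*.job tasks, Security Center monitoring switched off, and "user != kernel MBR" from the MBR scanner are what a reviewer looks for. The script below is an added example, not part of this thread or of any of the tools named in it. It runs the same triage heuristics over a constructed log excerpt (modelled on the ComboFix and MBR-scan output posted here, not copied from it) and only reports entries for a human to check; it removes nothing. The section layout it parses, the "random-looking name" rule and the "unusual location" rule are all assumptions.

```python
"""Triage heuristics for DDS / ComboFix / Gmer-style log excerpts (added example).

The log layout, the name heuristic and the location heuristic are assumptions
drawn from the logs in this thread; findings are for review, not verdicts.
"""
import re

# Constructed sample modelled on the ComboFix and MBR-scan output in this
# thread; it is not the thread's own log.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
c:\documents and settings\Brian\IDHWTSS1.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At24.job
c:\windows\ucicuraqilaquvac.dll

((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Dsepaxeyuvasaxo - c:\windows\WIFCIA.dll
HKLM-Run-Ccuwixiwuhuqe - c:\windows\ucicuraqilaquvac.dll

user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')      # "name"="path" [date size]
ORPHAN = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+)$')  # HKCU-Run-name - path
AT_JOB = re.compile(r'\\Tasks\\At\d+\.job$', re.IGNORECASE)           # at.exe-style numbered jobs
SEC_CENTER = re.compile(r'^"(?:AntiVirusOverride|DisableMonitoring)"=dword:00000001$'
                        r'|^"EnableFirewall"=\s*0\b')
MBR_ALERT = re.compile(r'user != kernel|rootkit infection')
BARE_PATH = re.compile(r'^[a-z]:\\', re.IGNORECASE)
PROFILE_ROOT = re.compile(r'^c:\\documents and settings\\[^\\]+$')


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a long, purely alphabetic name with no internal
    capitals, dots or spaces reads like a generated name; vendor entries tend
    to be CamelCase, spaced or short."""
    return name.isalpha() and len(name) >= 10 and not any(c.isupper() for c in name[1:])


def suspicious_location(path: str) -> bool:
    """Heuristic (assumption): an autorun target sitting directly in the
    Windows root, a user-profile root or the Application Data root is unusual;
    vendor binaries normally live under Program Files or system32."""
    m = re.match(r'(.*?\.(?:exe|dll|bin))', path.lower().replace('/', '\\'))
    if not m:
        return False
    parent = m.group(1).rsplit('\\', 1)[0]
    return (parent == 'c:\\windows'
            or PROFILE_ROOT.match(parent) is not None
            or parent.endswith('\\application data'))


def triage(log_text: str) -> dict:
    """Walk the log once and bucket lines worth a second look."""
    findings = {'random_names': [], 'odd_locations': [], 'at_jobs': [],
                'security_center': [], 'mbr': []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AT_JOB.search(line):
            findings['at_jobs'].append(line)
        elif SEC_CENTER.match(line):
            findings['security_center'].append(line)
        elif MBR_ALERT.search(line):
            findings['mbr'].append(line)
        else:
            m = RUN_VALUE.match(line) or ORPHAN.match(line)
            if m:
                name, path = m.group('name'), m.group('path')
                if looks_random(name):
                    findings['random_names'].append((name, path))
                if suspicious_location(path) and path not in findings['odd_locations']:
                    findings['odd_locations'].append(path)
            elif BARE_PATH.match(line) and suspicious_location(line):
                if line not in findings['odd_locations']:
                    findings['odd_locations'].append(line)
    return findings


if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f'{bucket}: {len(items)}')
        for item in items:
            print('   ', item)
```

Each bucket is a prompt to look, not a verdict: a vendor suite routinely writes DisableMonitoring under its own Security Center subkey when it takes over monitoring, a home user may have a real `at` job, and the name rule will occasionally catch a legitimately odd product name. What the buckets do reliably is pull the handful of lines that matter out of several hundred, which is the part of this thread's review that is tedious to do by hand.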
     
  15. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Thanks.

    I've deleted hotfix.exe already the other night.

    The second part regarding Combofix I would like to try, but I am stuck due to the problem I described in post #10 of this thread. I would need to get beyond that to continue.
     
  16. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Ok, got my PC back using the repair disk. So I ran Combofix and here is the report:

    ComboFix 10-11-11.01 - Brian 11/11/2010 21:36:41.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2379 [GMT -5:00]
    Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brian\Application Data\completescan
    c:\documents and settings\Brian\Application Data\install
    c:\documents and settings\Brian\IDHWTSS1.dll
    c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}
    c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome.manifest
    c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome\content\_cfg.js
    c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\chrome\content\overlay.xul
    c:\documents and settings\Brian\Local Settings\Application Data\{47DD742D-9082-404F-A2C0-3FC337893A22}\install.rdf
    c:\documents and settings\Brian\PrtDLL.dll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    c:\windows\ucicuraqilaquvac.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4


    ((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
    .

    2010-11-09 23:42 . 2010-11-09 23:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2010-11-07 02:45 . 2010-11-07 02:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-06 21:00 . 2010-11-06 21:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Tific
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-06 12:50 . 2010-11-06 12:50 -------- d-----w- c:\program files\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-06 12:49 . 2010-11-07 12:25 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Norton 360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Windows Sidebar
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\NortonInstaller
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-11-06 01:49 . 2010-11-09 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-05 23:12 . 2010-11-05 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-11-05 09:10 . 2010-11-05 09:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-11-05 06:09 . 2010-11-05 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-11-05 03:52 . 2010-11-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-05 03:47 . 2010-11-05 03:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-11-05 03:43 . 2010-11-06 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-11-05 03:23 . 2010-11-05 03:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-11-05 02:06 . 2010-11-12 02:11 0 ----a-w- c:\windows\Fnapaqabezaxeqe.bin
    2010-11-02 19:14 . 2010-11-02 19:15 -------- d-----w- c:\program files\iTunes
    2010-11-02 19:10 . 2010-11-02 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-02 13:47 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 13:40 . 2010-11-02 13:40 -------- d-----w- c:\windows\system32\Adobe
    2010-11-02 11:39 . 2010-11-02 11:39 -------- d-----w- c:\documents and settings\Brian\Application Data\Acapela Group
    2010-11-02 11:38 . 2010-11-02 11:38 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Xtranormal
    2010-11-02 11:35 . 2010-11-04 23:58 -------- d-----w- c:\program files\Xtranormal
    2010-11-02 11:34 . 2010-11-02 13:12 -------- d-----w- c:\documents and settings\Brian\Application Data\Xtranormal
    2010-10-29 23:03 . 2010-10-29 23:07 -------- d-----w- c:\program files\PS3 Media Server

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2010-08-11 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 17:46 . 2010-09-16 17:46 28672 ----a-w- c:\windows\system32\drivers\CO_Mon.sys
    2010-09-16 15:22 . 2010-09-16 15:22 53248 ----a-r- c:\documents and settings\Brian\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-09-15 06:29 . 2008-03-30 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-16 00:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2007-05-09 21:31 . 2007-05-09 21:29 15788024 ----a-w- c:\program files\StuffIt11.0.0.34.exe
    2006-11-30 15:03 . 2006-11-30 15:03 16508560 ----a-w- c:\program files\jre-1_5_0_09-windows-i586-p-s.exe
    2006-11-28 15:56 . 2006-11-28 15:56 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-14 26112]
    "bbui"="c:\program files\Creative\8xxx\bbui.exe" [2002-03-08 258048]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
    "HostManager"="c:\program files\Common Files\AOL\1187566823\ee\AOLSoftware.exe" [2008-06-24 41824]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe" [2010-01-26 243032]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Brian\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-19 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-10 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Creative\\8xxx\\bbui.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1187566823\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brian\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=

    R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/6/2010 11:58 AM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/6/2010 11:58 AM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [10/29/2010 4:37 PM 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/6/2010 11:58 AM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/6/2010 11:58 AM 116784]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/6/2010 11:57 AM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2010 7:54 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
    S2 gupdate1c9f44852430e5e;Google Update Service (gupdate1c9f44852430e5e);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 4:19 PM 133104]
    S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
    S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys --> c:\windows\system32\Drivers\L6TPortA.sys [?]
    S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\windows\SYSTEM32\DRIVERS\vvbeth.sys [7/15/2006 5:12 PM 15878]
    S3 vvbususb;Broadband Blaster 8012U USB;c:\windows\SYSTEM32\DRIVERS\vvbususb.sys [7/15/2006 5:12 PM 51448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-11-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-30 03:42]

    2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Brian.job
    - c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-11-06 19:24]

    2010-11-12 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{35D46A12-E3B1-49FD-A798-D1C86D2B3D55}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/Home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: db.com
    Trusted Zone: line6.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://dbrasweb-ny1.us.db.com/llclient/dbrasweb/winxp/,DanaInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    HKCU-Run-Dsepaxeyuvasaxo - c:\windows\WIFCIA.dll
    HKLM-Run-Ccuwixiwuhuqe - c:\windows\ucicuraqilaquvac.dll
    AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    AddRemove-M979906 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-11 21:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3465306497-152574272-1382073938-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,e0,16,
    63,95,c9,d4,4f,d1,7d,a7,4c,82,51,c9,37,b6,ca,f8,54,4b,1f,39,51,08,f1,0c,03,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}*]
    "WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c,
    b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1848)
    c:\windows\system32\WININET.dll
    c:\windows\system32\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Smith Micro\StuffIt11\ArcNameService.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\AOL 9.1\waol.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\FSScrCtl.exe
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\AOL 9.1\shellmon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-11 21:53:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-12 02:53

    Pre-Run: 11,689,316,352 bytes free
    Post-Run: 11,703,037,952 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 03250224F2EFBDF50B0A1ADD7EA70484
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\Fnapaqabezaxeqe.bin
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=- 
    
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ===========================================
    Questions and comments:
    1. I notice the following have been removed:
    AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    AddRemove-M979906 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

    Did you intentionally remove these thinking they were part of Think Point because of the hotfix.exe ending?
    They are for the Microsoft .NET Framework 1.1 Hotfix (KB886903). This security update for .NET Framework 1.1 addresses a vulnerability in ASP.NET that could allow elevation of privilege and information disclosure.
    2. Do you still use this?
    L6TPortA;Service>> - GuitarPort WDM Audio Device Driver - GuitarPort - Line 6
    3. Do you require this applet when logging into your office network?
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1.uk.db.com/llclient/dbr...db.com,CT=java+
    ============================================
    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
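    The CFScript above is a ComboFix instruction file: the File:: section names files to delete, and the Registry:: section is .reg syntax, where a value line ending in =- asks for that value to be deleted under the preceding [key]. As an added example (not from this thread and not ComboFix's own code), here is a small Python reader that lists what such a script requests, so each entry can be checked against the ComboFix log before the script is dropped onto ComboFix.exe. The sample script embedded in it is constructed from the one in the post; the section names and the =- convention are the assumptions it relies on.

```python
"""Dry-run reader for a ComboFix CFScript.

Added example (not ComboFix's own code). CFScript sections are headed
'File::', 'Registry::', 'Driver::'; the Registry:: section uses .reg
syntax, where '"Name"=-' requests deletion of that value under the
preceding [key]. The reader lists what the script asks ComboFix to do so
the entries can be checked against the log before the script is run.
"""
import re

# Constructed sample, modelled on the script posted above.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\Fnapaqabezaxeqe.bin

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=-

Driver::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. 'Registry::'
KEY_RE = re.compile(r"^\[(.+)\]$")               # e.g. '[HKLM\...]'
VALUE_RE = re.compile(r'^"(.*)"=(.*)$')          # e.g. '"Name"=-'


def parse_cfscript(text):
    """Return {section: entries}. Registry entries are dicts; others are raw lines."""
    sections = {}
    section = None
    reg_key = None
    for raw in text.splitlines():
        line = raw.strip()                       # the post has trailing spaces on one line
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.setdefault(section, [])
            reg_key = None
            continue
        if section is None:
            raise ValueError(f"line before any section header: {line!r}")
        if section != "Registry":
            sections[section].append(line)       # File:: paths, Driver:: service names
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or reg_key is None:
            raise ValueError(f"malformed Registry:: line: {line!r}")
        name, data = m.groups()
        # '-' as data is the .reg convention for "delete this value".
        action = "delete" if data == "-" else "set"
        sections[section].append(
            {"key": reg_key, "name": name, "action": action, "data": data})
    return sections


def summarize(sections):
    """Human-readable list of the changes the script requests."""
    lines = []
    for path in sections.get("File", []):
        lines.append(f"FILE    delete {path}")
    for e in sections.get("Registry", []):
        if e["action"] == "delete":
            lines.append(f"REG     delete value {e['name']!r} under [{e['key']}]")
        else:
            lines.append(f"REG     set value {e['name']!r} = {e['data']!r} under [{e['key']}]")
    for drv in sections.get("Driver", []):
        lines.append(f"DRIVER  remove {drv}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(line)
```

    Run it on the saved CFScript.txt by reading the file into parse_cfscript; a value line that does not end in =- (the sessmgr.exe line in the sample) is reported as a "set" so it stands out for a second look rather than being silently passed through.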
     
  18. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Thanks. Here are the answers to your questions:

    Questions and comments:
    1. I notice the following have been removed:
    AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    AddRemove-M979906 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    Did you intentionally remove these thinking they were part of Think Point because of the hotfix.exe ending?
    They are for the Microsoft .NET Framework 1.1 Hotfix (KB886903). This security update for .NET Framework 1.1 addresses a vulnerability in ASP.NET that could allow elevation of privilege and information disclosure.

    Yes I did. I guess we'll have to fix that, no? I mentioned in post #6 that that is where I found hotfix.exe when I did the search and deleted it.

    2. Do you still use this?
    L6TPortA;Service>> - GuitarPort WDM Audio Device Driver - GuitarPort - Line 6

    No

    3. Do you require this applet when logging into your office network?
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1.uk.db.com/llcli...b.com,CT=java+

    Yes

    I'll do the other two report logs when I get home and paste them. Let me know if my answers above have changed anything I need to do in the meantime.
    Thanks
     
  19. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Here is the latest combofix log:

    ComboFix 10-11-11.01 - Brian 11/12/2010 18:04:01.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2452 [GMT -5:00]
    Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\windows\Fnapaqabezaxeqe.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Fnapaqabezaxeqe.bin

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
    .

    2010-11-09 23:42 . 2010-11-09 23:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2010-11-07 02:45 . 2010-11-07 02:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-06 21:00 . 2010-11-06 21:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Tific
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-06 12:50 . 2010-11-06 12:50 -------- d-----w- c:\program files\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-06 12:49 . 2010-11-07 12:25 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Norton 360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Windows Sidebar
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\NortonInstaller
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-11-06 01:49 . 2010-11-09 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-05 23:12 . 2010-11-05 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-11-05 09:10 . 2010-11-05 09:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-11-05 06:09 . 2010-11-05 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-11-05 03:52 . 2010-11-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-05 03:47 . 2010-11-05 03:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-11-05 03:43 . 2010-11-06 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-11-05 03:23 . 2010-11-05 03:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-11-02 19:14 . 2010-11-02 19:15 -------- d-----w- c:\program files\iTunes
    2010-11-02 19:10 . 2010-11-02 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-02 13:47 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 13:40 . 2010-11-02 13:40 -------- d-----w- c:\windows\system32\Adobe
    2010-11-02 11:39 . 2010-11-02 11:39 -------- d-----w- c:\documents and settings\Brian\Application Data\Acapela Group
    2010-11-02 11:38 . 2010-11-02 11:38 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Xtranormal
    2010-11-02 11:35 . 2010-11-04 23:58 -------- d-----w- c:\program files\Xtranormal
    2010-11-02 11:34 . 2010-11-02 13:12 -------- d-----w- c:\documents and settings\Brian\Application Data\Xtranormal
    2010-10-29 23:03 . 2010-10-29 23:07 -------- d-----w- c:\program files\PS3 Media Server

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2010-08-11 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 17:46 . 2010-09-16 17:46 28672 ----a-w- c:\windows\system32\drivers\CO_Mon.sys
    2010-09-16 15:22 . 2010-09-16 15:22 53248 ----a-r- c:\documents and settings\Brian\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-09-15 06:29 . 2008-03-30 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-16 00:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2007-05-09 21:31 . 2007-05-09 21:29 15788024 ----a-w- c:\program files\StuffIt11.0.0.34.exe
    2006-11-30 15:03 . 2006-11-30 15:03 16508560 ----a-w- c:\program files\jre-1_5_0_09-windows-i586-p-s.exe
    2006-11-28 15:56 . 2006-11-28 15:56 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-14 26112]
    "bbui"="c:\program files\Creative\8xxx\bbui.exe" [2002-03-08 258048]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
    "HostManager"="c:\program files\Common Files\AOL\1187566823\ee\AOLSoftware.exe" [2008-06-24 41824]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe" [2010-01-26 243032]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Brian\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-19 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-10 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Creative\\8xxx\\bbui.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1187566823\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brian\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=

    R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/6/2010 11:58 AM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/6/2010 11:58 AM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [10/29/2010 4:37 PM 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/6/2010 11:58 AM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/6/2010 11:58 AM 116784]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/6/2010 11:57 AM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2010 7:54 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
    S2 gupdate1c9f44852430e5e;Google Update Service (gupdate1c9f44852430e5e);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 4:19 PM 133104]
    S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
    S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys --> c:\windows\system32\Drivers\L6TPortA.sys [?]
    S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\windows\SYSTEM32\DRIVERS\vvbeth.sys [7/15/2006 5:12 PM 15878]
    S3 vvbususb;Broadband Blaster 8012U USB;c:\windows\SYSTEM32\DRIVERS\vvbususb.sys [7/15/2006 5:12 PM 51448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-11-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-30 03:42]

    2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Brian.job
    - c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-11-06 19:24]

    2010-11-12 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{35D46A12-E3B1-49FD-A798-D1C86D2B3D55}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/Home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: db.com
    Trusted Zone: line6.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://dbrasweb-ny1.us.db.com/llclient/dbrasweb/winxp/,DanaInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-12 18:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3465306497-152574272-1382073938-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,e0,16,
    63,95,c9,d4,4f,d1,7d,a7,4c,82,51,c9,37,b6,ca,f8,54,4b,1f,39,51,08,f1,0c,03,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}*]
    "WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c,
    b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-11-12 18:16:00
    ComboFix-quarantined-files.txt 2010-11-12 23:15
    ComboFix2.txt 2010-11-12 02:53

    Pre-Run: 11,602,743,296 bytes free
    Post-Run: 11,582,722,048 bytes free

    - - End Of File - - A06B1F9243B5A6DB5318F49415B82A24
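    The logs in this thread show the pattern that fits the Think Point infection being cleaned up here: two orphaned Run entries in the earlier log (HKCU-Run-Dsepaxeyuvasaxo and HKLM-Run-Ccuwixiwuhuqe) that loaded random-named DLLs straight out of c:\windows, beside dozens of ordinary Run entries under Program Files and system32 in the log above. As an added example (not from this thread, ComboFix or HijackThis), the Python below parses both line shapes ComboFix uses and rates each launch path by location, which puts those two at the top. The rating is a location heuristic only: an executable sitting in c:\windows, like the wanmpsvc.exe and FSScrCtl.exe seen running above, only gets a "review" mark, because legitimate installers put files there too. The sample lines are constructed from the logs in this thread.

```python
r"""Triage of autostart entries taken from a ComboFix log.

Added example, not ComboFix's or the thread's own code. It reads the two
line shapes seen in the logs above: ORPHANS REMOVED entries
('HKCU-Run-Name - path') and Reg Loading Points entries
('"Name"="path" [date size]'), then rates each launch path by location.
The two orphan Run entries in the log (WIFCIA.dll, ucicuraqilaquvac.dll)
loaded DLLs straight from c:\windows, which is what the HIGH rule looks
for; the rules judge location only, not the file name itself.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample lines, copied from the shapes in the logs above.
SAMPLE_LOG_LINES = r"""
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Dsepaxeyuvasaxo - c:\windows\WIFCIA.dll
HKLM-Run-Ccuwixiwuhuqe - c:\windows\ucicuraqilaquvac.dll
AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
"""

ORPHAN_RE = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[.*\])?$')
SEVERITY = {"HIGH": 0, "REVIEW": 1, "LOW": 2}


def parse_entries(lines):
    """Extract source, name and path for Run entries.

    AddRemove-* orphans are uninstall records (the .NET hotfix entries Bobbye
    asked about), not autostarts, so they do not match and are skipped.
    """
    entries = []
    for raw in lines:
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            entries.append({"source": m.group(1) + "-Run (orphan)",
                            "name": m.group(2), "path": m.group(3)})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"source": "Run", "name": m.group(1), "path": m.group(2)})
    return entries


def classify(path):
    """Rate a launch path by where it lives. Returns (level, reason)."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]     # e.g. ['c:\\', 'windows', 'wifcia.dll']
    top = parts[1] if len(parts) > 1 else ""
    if top == "windows" and len(parts) == 3:
        if p.suffix.lower() == ".dll":
            return "HIGH", "DLL autostart directly in the Windows root"
        return "REVIEW", "executable directly in the Windows root (some installers do this)"
    if top == "windows" and "temp" in parts:
        return "REVIEW", "autostart from a Windows temp directory"
    if top == "documents and settings":
        return "REVIEW", "autostart from a user profile"
    if top in ("windows", "program files"):
        return "LOW", "system or installed-application location"
    return "REVIEW", "unrecognised location"


def triage(lines):
    """Parsed entries with a rating, most severe first."""
    rows = []
    for e in parse_entries(lines):
        level, reason = classify(e["path"])
        rows.append({**e, "level": level, "reason": reason})
    rows.sort(key=lambda r: SEVERITY[r["level"]])   # stable: keeps log order within a level
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG_LINES.splitlines()):
        print(f"{r['level']:6} {r['name']:18} {r['path']}  ({r['reason']})")
```

    To use it on a real log, feed the lines of the ORPHANS REMOVED and Reg Loading Points sections to triage; anything rated HIGH or REVIEW is what a helper would want to see quoted back, while LOW entries are the ordinary startup clutter that HijackThis also lists and that should not be "fixed" without a reason.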
     
  20. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Here is the Hijack Log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:21:37 PM, on 11/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Creative\8xxx\bbui.exe
    C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Logitech\Vid\vid.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\FSScrCtl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/Home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187566823\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.db.com
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://dbrasweb-ny1.us.db.com/llcl...aInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://dbrasweb-ny1.us.db.com/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate1c9f44852430e5e) (gupdate1c9f44852430e5e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 13822 bytes
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    We're almost through. Hold off on the router for a bit:

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\Drivers\l6dp.sys
    c:\windows\system32\Drivers\L6TPortA.sys
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=-
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA5FD177-5ED9-D129-A0BCADEF3ACDBDBC}\{79EAF540-0E74-317B-4A6E156139C845D3}\{99F2609B-7483-5DDB-3E9DF7E4B6714B5D}*]
    Driver::
    L6DP
    L6TPortA
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please update Adobe Reader: Visit this Adobe Reader site and make sure you have the most current update. Uninstall v7 and any other earlier versions as they are vulnerabilities.

    HijackThis is okay.
     
  22. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    OK here is the latest Combofix log:


    ComboFix 10-11-11.01 - Brian 11/13/2010 19:57:04.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2366 [GMT -5:00]
    Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brian\Desktop\cfscript.txt
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\windows\system32\Drivers\l6dp.sys"
    "c:\windows\system32\Drivers\L6TPortA.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_L6DP
    -------\Service_L6TPortA


    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-12 23:21 . 2010-11-12 23:21 388096 ----a-r- c:\documents and settings\Brian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-12 23:21 . 2010-11-12 23:21 -------- d-----w- c:\program files\Trend Micro
    2010-11-09 23:42 . 2010-11-09 23:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2010-11-07 02:45 . 2010-11-07 02:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-06 21:00 . 2010-11-06 21:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Tific
    2010-11-06 13:10 . 2010-11-06 13:10 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-06 12:50 . 2010-11-06 12:50 -------- d-----w- c:\program files\Symantec
    2010-11-06 12:50 . 2010-11-06 12:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-06 12:49 . 2010-11-07 12:25 -------- d-----w- c:\windows\system32\drivers\N360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Norton 360
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\Windows Sidebar
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\program files\NortonInstaller
    2010-11-06 12:49 . 2010-11-06 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-11-06 01:49 . 2010-11-09 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-05 23:12 . 2010-11-05 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-11-05 09:10 . 2010-11-05 09:10 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
    2010-11-05 06:09 . 2010-11-05 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-11-05 03:52 . 2010-11-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-05 03:51 . 2010-11-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-05 03:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-05 03:47 . 2010-11-05 03:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-11-05 03:43 . 2010-11-06 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-11-05 03:23 . 2010-11-05 03:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-11-02 19:14 . 2010-11-02 19:15 -------- d-----w- c:\program files\iTunes
    2010-11-02 19:10 . 2010-11-02 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-02 13:47 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 13:40 . 2010-11-02 13:40 -------- d-----w- c:\windows\system32\Adobe
    2010-11-02 11:39 . 2010-11-02 11:39 -------- d-----w- c:\documents and settings\Brian\Application Data\Acapela Group
    2010-11-02 11:38 . 2010-11-02 11:38 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Xtranormal
    2010-11-02 11:35 . 2010-11-04 23:58 -------- d-----w- c:\program files\Xtranormal
    2010-11-02 11:34 . 2010-11-02 13:12 -------- d-----w- c:\documents and settings\Brian\Application Data\Xtranormal
    2010-10-29 23:03 . 2010-10-29 23:07 -------- d-----w- c:\program files\PS3 Media Server

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2010-08-11 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 17:46 . 2010-09-16 17:46 28672 ----a-w- c:\windows\system32\drivers\CO_Mon.sys
    2010-09-16 15:22 . 2010-09-16 15:22 53248 ----a-r- c:\documents and settings\Brian\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-09-15 06:29 . 2008-03-30 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-16 00:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2007-05-09 21:31 . 2007-05-09 21:29 15788024 ----a-w- c:\program files\StuffIt11.0.0.34.exe
    2006-11-30 15:03 . 2006-11-30 15:03 16508560 ----a-w- c:\program files\jre-1_5_0_09-windows-i586-p-s.exe
    2006-11-28 15:56 . 2006-11-28 15:56 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-12_23.13.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-14 01:09 . 2010-11-14 01:09 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
    + 2010-11-14 01:07 . 2010-11-14 01:07 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
    + 2005-06-10 11:27 . 2010-11-13 16:32 72576 c:\windows\SYSTEM32\PERFC009.DAT
    - 2005-06-10 11:27 . 2010-11-07 12:35 72576 c:\windows\SYSTEM32\PERFC009.DAT
    + 2005-06-10 11:27 . 2010-11-13 16:32 445370 c:\windows\SYSTEM32\PERFH009.DAT
    - 2005-06-10 11:27 . 2010-11-07 12:35 445370 c:\windows\SYSTEM32\PERFH009.DAT
    + 2010-11-12 23:21 . 2010-11-12 23:21 1094656 c:\windows\Installer\192091.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
    "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-14 26112]
    "bbui"="c:\program files\Creative\8xxx\bbui.exe" [2002-03-08 258048]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
    "HostManager"="c:\program files\Common Files\AOL\1187566823\ee\AOLSoftware.exe" [2008-06-24 41824]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe" [2010-01-26 243032]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Brian\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-19 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-10 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Creative\\8xxx\\bbui.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1187566823\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brian\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=

    R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/6/2010 11:58 AM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/6/2010 11:58 AM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 7:07 PM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/6/2010 11:58 AM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/6/2010 11:58 AM 116784]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/6/2010 11:57 AM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2010 7:54 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
    S2 gupdate1c9f44852430e5e;Google Update Service (gupdate1c9f44852430e5e);c:\program files\Google\Update\GoogleUpdate.exe [6/23/2009 4:19 PM 133104]
    S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\windows\SYSTEM32\DRIVERS\vvbeth.sys [7/15/2006 5:12 PM 15878]
    S3 vvbususb;Broadband Blaster 8012U USB;c:\windows\SYSTEM32\DRIVERS\vvbususb.sys [7/15/2006 5:12 PM 51448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-11-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-30 03:42]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 21:19]

    2010-11-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Brian.job
    - c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-11-06 19:24]

    2010-11-14 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{35D46A12-E3B1-49FD-A798-D1C86D2B3D55}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.optimum.net/Home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: db.com
    Trusted Zone: line6.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://dbrasweb-ny1.us.db.com/llclient/dbrasweb/winxp/,DanaInfo=rctoolbox2.us.db.com,CT=java+AXXPEE.dll
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-13 20:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3465306497-152574272-1382073938-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1184)
    c:\windows\system32\WININET.dll
    c:\windows\system32\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Smith Micro\StuffIt11\ArcNameService.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\AOL 9.1\waol.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\FSScrCtl.exe
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\AOL 9.1\shellmon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-13 20:14:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-14 01:14
    ComboFix2.txt 2010-11-12 23:16
    ComboFix3.txt 2010-11-12 02:53

    Pre-Run: 10,112,466,944 bytes free
    Post-Run: 10,093,244,416 bytes free

    - - End Of File - - 07A042C0C4062345968DE3FA2C14AA65
     
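The "Other Running Processes" list in the ComboFix log above is the part a helper scans by eye for executables running from odd locations. The script below is an added example, not ComboFix's code and not something posted in this thread: it pulls that section out of a ComboFix-style log and flags paths that usually earn a second look (a system-process name outside System32, a temp directory, a user profile, or the bare Windows root). The sample log is constructed from a few paths copied from the log above plus one made-up temp-directory entry; a flag is only a prompt to check the file, not a malware verdict (the real log here was reviewed as clean).

```python
"""Triage helper for the 'Other Running Processes' section of a ComboFix-style log.

Added example (not ComboFix's code). It extracts the listed executable paths
and classifies each one with a few location heuristics a reviewer applies by
hand. A returned reason means 'look closer', nothing more.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in the log's format: real paths from the thread's log
# plus one invented temp-directory entry to exercise the checks.
SAMPLE_LOG = """\
------------------------ Other Running Processes ------------------------
.
c:\\windows\\System32\\SCardSvr.exe
c:\\program files\\Bonjour\\mDNSResponder.exe
c:\\windows\\wanmpsvc.exe
c:\\windows\\FSScrCtl.exe
c:\\documents and settings\\user\\local settings\\temp\\svchost.exe
c:\\program files\\AOL 9.1\\waol.exe
.
**************************************************************************
"""

SECTION_HEADER = re.compile(r"^-+ Other Running Processes -+$")

# Core Windows process names that legitimately live only in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


def extract_processes(log_text):
    """Return the executable paths listed under 'Other Running Processes'."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*"):          # the asterisk banner closes the section
            break
        if line in ("", "."):             # ComboFix uses '.' as a spacer line
            continue
        paths.append(line)
    return paths


def classify(path):
    """Return a short reason if the path deserves a second look, else None."""
    p = PureWindowsPath(path.lower())
    parts = p.parts                        # e.g. ('c:\\', 'windows', 'system32', 'x.exe')
    if len(parts) < 2:
        return "unparseable path"
    directory = parts[1:-1]                # path components between the drive and the file
    if p.name in SYSTEM_NAMES and directory != ("windows", "system32"):
        return "system process name outside System32"
    if any(d in ("temp", "tmp") for d in directory):
        return "runs from a temp directory"
    if directory and directory[0] in ("documents and settings", "users"):
        return "runs from a user profile"
    if directory == ("windows",):
        return "runs directly under the Windows root, not System32"
    return None


def triage(log_text):
    """List (path, reason) pairs for every flagged process in the log."""
    findings = []
    for path in extract_processes(log_text):
        reason = classify(path)
        if reason:
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:55} {path}")
```

Run it against a real ComboFix log by reading the file into `triage()`; the two `c:\windows\*.exe` entries from this thread's log are flagged purely because of where they live, which is exactly the point at which a helper would look the file up rather than assume anything.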
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The logs are clean. Do you have any other malware related issues? If not:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    You can put the new router in now.
     
  24. BrianB

    BrianB TS Rookie Topic Starter Posts: 39

    Bless you! I think I'm good now. PC running like it's brand new. Just amazing. Thank you very much.

    The question is now... so I don't have to come back and be a pain in the ****... what do I run along with my Norton 360 to keep me safe? And I'm still wondering, is it the ThinkPoint virus all I had or was it multiple things? Those intrusions Norton blocked that I put in my first post seem like things other than Thinkpoint? I do my banking on that pc so I can't help but wonder if info has been gathered for a while. Just being paranoid I guess....
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. We removed everything that was found. Here are some tips for additional security. Just keep in mind that the user is the first line of security> so safe surfing goes a long way! You should change all of your passwords and monitor the online financial transactions.

    Tips for added security and safer browsing:
    Note: All of these programs may not work on Windows 7 or a 64bit OS.
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        ◦ Avira Free
        ◦ Avast Home
      • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
        ◦ Comodo
        ◦ Zone Alarm
      • Antispyware: I recommend all of the following:
        ◦ Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
        ◦ Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
      IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
      Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
        ◦ MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
        ◦ Google Toolbar: Get the free Google toolbar to help stop pop up windows.
    3. Stay current on updates:
      ◦ Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      ◦ Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      ◦ Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      ◦ For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      ◦ For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      ◦ ATF Cleaner by Atribune
      OR
      ◦ TFC
      Disable and Enable System Restore:
      ◦ See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      ◦ Don't open email from anyone you don't know.
      ◦ Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
     
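The MVPS HOSTS tip in the post above works because the resolver consults the HOSTS file before DNS, so any name mapped to 127.0.0.1 never reaches the real site. The script below is an added example, not the MVPS project's code and not posted in this thread: it parses a HOSTS file the way a typical resolver reads it (an address followed by one or more names per line, `#` comments, tabs or spaces, case-insensitive, first match wins) and answers two questions a user of such a list should be able to check: is a given name blackholed, and does the list accidentally swallow a site you need (the same kind of over-blocking the ZonedOut "known issue" above describes for restricted zones). The file content and host names are constructed samples under the reserved `.test` domain, not real block-list entries.

```python
"""HOSTS-file block-list checker (added example, not the MVPS project's code).

Parses a hosts file into (ip, hostname) entries in file order, resolves a
name the way the OS would (first match wins, case-insensitive), and reports
names that would be blackholed to 127.0.0.1 or 0.0.0.0.
"""
import ipaddress

# Constructed sample in MVPS style; every name is a made-up .test host.
SAMPLE_HOSTS = """\
# Constructed sample (not the real MVPS list)
127.0.0.1  localhost
127.0.0.1  ads.example-adnetwork.test        # banner ads
127.0.0.1\ttracker.example-counter.test  pixel.example-counter.test
# A line with a broken address, which the resolver simply ignores
not.an.ip  popup.example.test
127.0.0.1  www.example-bank.test             # mistaken entry: blocks a site the user needs
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs in file order, skipping comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()                    # any whitespace run separates fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: resolver ignores the line
        for name in fields[1:]:                  # one line may carry several names
            entries.append((str(ip), name.lower()))
    return entries


def lookup(entries, hostname):
    """Mimic the resolver: first matching entry wins; None means 'not in hosts file'."""
    wanted = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == wanted:
            return ip
    return None


def is_blackholed(entries, hostname):
    """True if the hosts file sends this name to the local machine (127.x or 0.0.0.0)."""
    ip = lookup(entries, hostname)
    if ip is None:
        return False
    return ip == "0.0.0.0" or ipaddress.ip_address(ip).is_loopback


def overblocked(entries, must_reach):
    """Names from the user's own needed-sites list that the hosts file would block."""
    return [h for h in must_reach if is_blackholed(entries, h)]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example-adnetwork.test", "popup.example.test", "www.example-bank.test"):
        print(f"{host:32} -> {lookup(entries, host)}  blackholed={is_blackholed(entries, host)}")
    print("needed sites that are blocked:",
          overblocked(entries, ["www.example-bank.test", "www.techspot.com"]))
```

To audit a real installation, read `C:\Windows\System32\drivers\etc\hosts` into `parse_hosts()` and pass your bank's and other essential hostnames to `overblocked()`; an empty result means the block list is not getting in the way of the sites you rely on.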