TechSpot

Virus and Malware Removal (Internet Explorer randomly redirecting)

By pjaneb012673
Apr 19, 2011
  My Dell Latitude E6500 laptop is from an employee I replaced at the company I work for. Not sure if there were issues before me, but I definitely need help. My computer had a bunch of malware and spyware on it and it basically shut my system down. The IT dept. told me it was removed, but it's still acting weird. For example, every time I do a Google search and click a link, I am automatically redirected to some other website. I googled the internet issue and found a bunch of sites and tried a few different things, but I think I may have downloaded more junk. Anyway, I finally found this site and followed the posted instructions in the 8-step Viruses/Spyware/Malware Preliminary Removal thread. I hope you can help or at least lead me in the right direction.

    • Malwarebytes Anti-Malware log

    Nothing found

    • GMER log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-19 01:31:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD80 rev.11.0
    Running: 6fi7y26k.exe; Driver: C:\DOCUME~1\pbest\LOCALS~1\Temp\pfrorpob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    • DDS logs: both DDS.txt and Attach.txt

    DDS.txt

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by pbest at 0:32:50.93 on Tue 04/19/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2811 [GMT -4:00]
    .
    AV: Best Malware Protection *Enabled/Updated* {B5AAA9CF-B3A8-45E5-B21A-61A68DEADA7F}
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Best Malware Protection *Enabled*
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\pbest\My Documents\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
    uInternet Settings,ProxyServer = 10.201.1.2:80
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Telephony Toolbar Services: {431a60e6-675f-4b9f-b3f0-66e0fecc8b34} - c:\program files\evolve ip\assistant\bin\BW_Assistant_Enterprise_IE_S.dll
    BHO: Telephony Toolbar Call Control: {8f1ff1a7-c048-4d6b-b052-56e42ce427cb} - c:\program files\evolve ip\assistant\bin\BW_Assistant_Enterprise_IE_CC.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Telephony Toolbar Call Control: {6f6690b9-c5db-4f08-8833-f2ef4dee956b} - c:\program files\evolve ip\assistant\bin\BW_Assistant_Enterprise_IE_CC.dll
    TB: Telephony Toolbar Services: {f10d927f-d3df-4734-98ab-dd258253f5fd} - c:\program files\evolve ip\assistant\bin\BW_Assistant_Enterprise_IE_S.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [C:!Documents and Settings!pbest!Local Settings!Application Data!Google!Chrome!User Data_service_run] "c:\documents and settings\pbest\local settings\application data\google\chrome\application\chrome.exe" --type=service
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251312057953
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251312563875
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 64.27.10.42 www.google.com
    Hosts: 64.27.10.42 www.google.com.au
    Hosts: 64.27.10.42 www.google.be
    Hosts: 64.27.10.42 www.google.com.br
    Hosts: 64.27.10.42 www.google.ca
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2009-8-31 92432]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
    R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058);c:\program files\numara software\remote\host\NHOSTSVC.EXE [2009-8-31 1499408]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-12 2440632]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-26 112128]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-8-26 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-8-26 244368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-26 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110417.004\NAVENG.SYS [2011-4-18 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110417.004\NAVEX15.SYS [2011-4-18 1393144]
    R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2009-8-31 3216]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-7 136176]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
    S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
    S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
    S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-8-27 58240]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-04-19 03:08:07 -------- d-----w- c:\program files\VS Revo Group
    2011-04-19 02:57:29 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2011-04-19 02:57:25 -------- d-----w- c:\program files\Search Toolbar
    2011-04-18 23:25:59 -------- d-----w- c:\docume~1\pbest\applic~1\DriverCure
    2011-04-18 23:25:58 -------- d-----w- c:\docume~1\pbest\applic~1\ParetoLogic
    2011-04-18 23:25:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2011-04-15 15:44:27 -------- d-----w- c:\docume~1\pbest\applic~1\Blackberry Desktop
    2011-04-14 18:27:30 -------- d-----w- c:\docume~1\pbest\applic~1\Malwarebytes
    2011-04-14 18:24:13 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\BMJCP
    2011-04-14 18:23:12 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\6576a5
    2011-04-11 15:07:35 -------- d-----w- c:\docume~1\pbest\applic~1\ElevatedDiagnostics
    2011-04-11 15:03:33 -------- d--h--w- c:\windows\PIF
    2011-04-09 05:13:09 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33:15 69632 ----a-r- c:\docume~1\pbest\applic~1\microsoft\installer\{ce86e2f5-850c-4207-94a3-a58d647b1733}\DesktopMgr.exe
    2011-04-07 01:21:37 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\Google
    2011-04-07 01:20:15 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\Deployment
    2011-04-06 16:56:40 -------- d-----w- c:\docume~1\pbest\applic~1\Autodesk
    2011-04-06 16:22:44 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\PCHealth
    2011-04-06 15:58:42 -------- d-----w- c:\program files\PamperedPartnerPlus
    2011-03-25 16:08:26 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-03-25 16:07:07 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\Research In Motion
    2011-03-25 12:51:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Verizon
    2011-03-25 12:51:43 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\V CAST Media Manager
    2011-03-25 12:50:27 -------- d-----w- c:\program files\Verizon V CAST Media Manager
    2011-03-25 12:42:06 -------- d-----w- c:\program files\HTC
    2011-03-25 12:41:58 4621840 ----a-w- c:\temp\drivers.exe
    2011-03-25 12:41:43 -------- d-----w- C:\Temp
    2011-03-23 23:54:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Verizon Wireless
    2011-03-23 23:52:23 -------- d-----w- c:\program files\Novatel Wireless
    2011-03-23 23:51:49 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\Downloaded Installations
    2011-03-23 23:33:13 -------- d-----w- c:\docume~1\pbest\applic~1\Smith Micro
    2011-03-23 15:18:25 -------- d-----w- c:\docume~1\pbest\locals~1\applic~1\Temp
    2011-03-22 15:36:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
    2011-03-21 18:19:31 -------- d-----w- c:\documents and settings\pbest\Bluetooth Software
    2011-03-21 16:16:25 -------- d-----w- c:\docume~1\pbest\applic~1\Windows Search
    2011-03-21 15:30:53 -------- d-----w- c:\docume~1\pbest\applic~1\Research In Motion
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 0:33:24.07 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/26/2009 1:18:40 PM
    System Uptime: 4/19/2011 12:14:45 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0X564R
    Processor: Intel Pentium III Xeon processor | Microprocessor | 2526/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 72 GiB total, 40.092 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 1.128 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\D076621344FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\D076621344FC000
    Service: NIC1394
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP1: 4/14/2011 5:32:10 PM - System Checkpoint
    RP2: 4/14/2011 5:32:56 PM - Software Distribution Service 3.0
    RP3: 4/18/2011 10:06:37 AM - System Checkpoint
    RP4: 4/18/2011 10:57:33 PM - Printer Driver FoxTab PDF Virtual Printer Installed
    RP5: 4/18/2011 11:16:24 PM - Revo Uninstaller's restore point - FoxTab PDF Converter
    RP6: 4/18/2011 11:22:36 PM - Revo Uninstaller's restore point - Learn.com Player (Uninstall Only)
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 64.27.10.42 www.google.com
    Hosts: 64.27.10.42 www.google.com.au
    Hosts: 64.27.10.42 www.google.be
    Hosts: 64.27.10.42 www.google.com.br
    Hosts: 64.27.10.42 www.google.ca
    Hosts: 64.27.10.42 www.google.ch
    Hosts: 64.27.10.42 www.google.de
    Hosts: 64.27.10.42 www.google.dk
    Hosts: 64.27.10.42 www.google.fr
    Hosts: 64.27.10.42 www.google.ie
    Hosts: 64.27.10.42 www.google.it
    Hosts: 64.27.10.42 www.google.co.jp
    Hosts: 64.27.10.42 www.google.nl
    Hosts: 64.27.10.42 www.google.no
    Hosts: 64.27.10.42 www.google.co.nz
    Hosts: 64.27.10.42 www.google.pl
    Hosts: 64.27.10.42 www.google.se
    Hosts: 64.27.10.42 www.google.co.uk
    Hosts: 64.27.10.42 www.google.co.za
    Hosts: 64.27.10.42 www.bing.com
    Hosts: 64.27.10.42 search.yahoo.com
    Hosts: 64.27.10.42 uk.search.yahoo.com
    Hosts: 64.27.10.42 ca.search.yahoo.com
    Hosts: 64.27.10.42 de.search.yahoo.com
    Hosts: 64.27.10.42 fr.search.yahoo.com
    Hosts: 64.27.10.42 au.search.yahoo.com
    Hosts: 64.27.10.42 www.google-analytics.com
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    ActiveFax
    Adobe Acrobat 9 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    AEPlans - IDM
    All Day Battery Life Configuration
    Autodesk Design Review 2008
    AutoQuotes
    AutoQuotes 360
    BioAPI Framework
    BlackBerry Desktop Software 6.0.2
    Broadcom USH Host Components
    Cisco Systems VPN Client 5.0.00.0340
    Dell ControlPoint System Manager
    Dell Resource CD
    Dell Security Device Driver Pack
    Dell Touchpad
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    iSqFt Full Viewer V4.01
    Java Auto Updater
    Java(TM) 6 Update 24
    KIP Request 7
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MaxView
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Numara Remote Control Host
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PANTECH PC Card Software
    PowerDVD
    Revo Uninstaller 1.92
    RICOH R5C83x/84x Media Driver Ver.3.53.02
    Search Toolbar
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spelling Dictionaries Support For Adobe Reader 9
    Symantec Endpoint Protection
    The Evolved Office Assistant 16 (16.0.192.1) MB6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Mobile Broadband Drivers
    Verizon V CAST Media Manager
    Verizon Wireless PC770 Firmware Updates
    VZAccess Manager
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/14/2011 9:03:17 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    4/13/2011 10:50:21 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HQDCSEC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! The host files have been hijacked. I'd like to see the Mbam log please.

    You will need to do a DNS Flush, then reset your router.
    Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

    Exit the Command prompt when finished and shut the system down.

    [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now, holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
    ==============================
    When finished: Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==========================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  3. pjaneb012673

    pjaneb012673 TS Rookie Topic Starter

    C:\Program Files\EsetOnlineScanner\log.txt

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=3b91e965f7019c499138d57ab502b70f
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-21 02:20:46
    # local_time=2011-04-21 10:20:46 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=58875
    # found=2
    # cleaned=0
    # scan_time=1344
    C:\Documents and Settings\All Users\Application Data\6576a5\681.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
     
  4. pjaneb012673

    pjaneb012673 TS Rookie Topic Starter

    C:\ComboFix.txt

    ComboFix 11-04-20.04 - pbest 04/21/2011 12:06:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2682 [GMT -4:00]
    Running from: c:\documents and settings\pbest\My Documents\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\ahofmann\WINDOWS
    c:\documents and settings\All Users\Application Data\6576a5
    c:\documents and settings\All Users\Application Data\6576a5\681.mof
    c:\documents and settings\All Users\Application Data\6576a5\BackUp\Bluetooth.lnk
    c:\documents and settings\All Users\Application Data\6576a5\BackUp\Dell ControlPoint System Manager.lnk
    c:\documents and settings\All Users\Application Data\6576a5\BackUp\VPN Client.lnk
    c:\documents and settings\All Users\Application Data\6576a5\BackUp\Windows Search.lnk
    c:\documents and settings\All Users\Application Data\6576a5\BMP.ico
    c:\documents and settings\pbest\Recent\ANTIGEN.sys
    c:\documents and settings\pbest\Recent\cb.sys
    c:\documents and settings\pbest\Recent\ddv.sys
    c:\documents and settings\pbest\Recent\dudl.tmp
    c:\documents and settings\pbest\Recent\eb.tmp
    c:\documents and settings\pbest\Recent\energy.tmp
    c:\documents and settings\pbest\Recent\exec.drv
    c:\documents and settings\pbest\Recent\fan.dll
    c:\documents and settings\pbest\Recent\fix.drv
    c:\documents and settings\pbest\Recent\fix.sys
    c:\documents and settings\pbest\Recent\kernel32.dll
    c:\documents and settings\pbest\Recent\kernel32.exe
    c:\documents and settings\pbest\Recent\PE.drv
    c:\documents and settings\pbest\Recent\PE.tmp
    c:\documents and settings\pbest\Recent\ppal.dll
    c:\documents and settings\pbest\Recent\sld.exe
    c:\documents and settings\pbest\Recent\SM.exe
    C:\install.exe
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    C:\Thumbs.db
    c:\windows\sv.ini
    c:\windows\system32\Thumbs.db
    D:\AUTORUN.INF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 14:56 . 2011-04-21 14:56 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Ilivid Player
    2011-04-21 14:56 . 2011-04-21 14:56 -------- d-----w- c:\documents and settings\pbest\Application Data\searchquband
    2011-04-21 14:54 . 2011-04-21 14:56 -------- d-----w- c:\documents and settings\pbest\Application Data\searchqutoolbar
    2011-04-21 14:54 . 2011-04-21 14:54 -------- d-----w- c:\program files\Windows iLivid Toolbar
    2011-04-21 14:54 . 2011-04-21 14:54 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\PackageAware
    2011-04-21 13:43 . 2011-04-21 13:43 -------- d-----w- c:\program files\ESET
    2011-04-19 04:47 . 2011-04-19 04:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-19 04:47 . 2011-04-19 04:47 -------- d-----w- c:\program files\Java
    2011-04-19 03:08 . 2011-04-19 03:08 -------- d-----w- c:\program files\VS Revo Group
    2011-04-19 02:57 . 2007-08-21 17:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2011-04-18 23:25 . 2011-04-18 23:25 -------- d-----w- c:\documents and settings\pbest\Application Data\DriverCure
    2011-04-18 23:25 . 2011-04-18 23:25 -------- d-----w- c:\documents and settings\pbest\Application Data\ParetoLogic
    2011-04-18 23:25 . 2011-04-19 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2011-04-15 15:44 . 2011-04-15 15:44 -------- d-----w- c:\documents and settings\pbest\Application Data\Blackberry Desktop
    2011-04-14 19:35 . 2011-04-14 19:35 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2011-04-14 18:59 . 2011-04-14 18:59 -------- d-----w- c:\documents and settings\administrator\Application Data\Malwarebytes
    2011-04-14 18:27 . 2011-04-14 18:27 -------- d-----w- c:\documents and settings\pbest\Application Data\Malwarebytes
    2011-04-14 18:24 . 2011-04-14 18:24 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMJCP
    2011-04-11 15:07 . 2011-04-11 15:07 -------- d-----w- c:\documents and settings\pbest\Application Data\ElevatedDiagnostics
    2011-04-11 15:03 . 2011-04-11 15:03 -------- d--h--w- c:\windows\PIF
    2011-04-09 05:13 . 2011-04-09 05:16 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-04-08 20:33 . 2011-04-08 20:33 69632 ----a-r- c:\documents and settings\pbest\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
    2011-04-07 18:10 . 2011-04-07 18:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-04-07 18:05 . 2011-04-07 18:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-04-07 18:05 . 2011-04-07 18:05 -------- d-----w- c:\program files\Google
    2011-04-07 01:21 . 2011-04-15 18:10 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Google
    2011-04-07 01:20 . 2011-04-07 01:21 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Deployment
    2011-04-06 16:56 . 2011-04-06 16:56 -------- d-----w- c:\documents and settings\pbest\Application Data\Autodesk
    2011-04-06 16:22 . 2011-04-06 16:22 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\PCHealth
    2011-04-06 15:58 . 2011-04-12 20:14 -------- d-----w- c:\program files\PamperedPartnerPlus
    2011-04-05 18:11 . 2011-04-05 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2011-03-25 16:08 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-03-25 16:07 . 2011-03-25 16:07 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Research In Motion
    2011-03-25 12:52 . 2011-04-21 15:21 -------- d-----w- c:\documents and settings\pbest\Application Data\vlc
    2011-03-25 12:51 . 2011-03-25 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
    2011-03-25 12:51 . 2011-04-10 00:38 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\V CAST Media Manager
    2011-03-25 12:50 . 2011-03-25 12:51 -------- d-----w- c:\program files\Verizon V CAST Media Manager
    2011-03-25 12:42 . 2011-03-25 12:42 -------- d-----w- c:\program files\HTC
    2011-03-25 12:41 . 2010-07-07 12:14 4621840 ----a-w- c:\temp\drivers.exe
    2011-03-25 12:41 . 2011-03-25 12:41 -------- d-----w- C:\Temp
    2011-03-23 23:54 . 2011-03-23 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
    2011-03-23 23:52 . 2011-03-23 23:52 -------- d-----w- c:\program files\Novatel Wireless
    2011-03-23 23:51 . 2011-03-23 23:51 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Downloaded Installations
    2011-03-23 23:51 . 2011-03-23 23:51 -------- d-----w- c:\documents and settings\pbest\Application Data\InstallShield
    2011-03-23 23:33 . 2011-03-23 23:33 -------- d-----w- c:\documents and settings\pbest\Application Data\Smith Micro
    2011-03-23 15:18 . 2011-04-07 02:38 -------- d-----w- c:\documents and settings\pbest\Local Settings\Application Data\Temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-19 04:47 . 2011-03-16 19:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-07 05:33 . 2009-08-26 17:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2008-04-13 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2008-04-13 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2008-04-13 23:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-13 23:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-08-26 20:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-16 22:56 . 2010-06-16 17:53 64000 ----a-w- c:\windows\system32\drivers\RimUsb.sys
    2011-02-15 12:56 . 2008-04-13 23:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2008-04-13 23:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-13 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2008-04-13 23:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2008-04-13 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2009-08-26 17:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-08-26 17:14 677888 ----a-w- c:\windows\system32\mstsc.exe
    2001-12-03 21:09 . 2009-08-28 18:06 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]
    "nwiz"="nwiz.exe" [2008-08-01 1630208]
    "NVHotkey"="nvHotkey.dll" [2008-08-01 90112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-27 471040]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-10 667648]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
    VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-27 6144]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Numara Software\\Remote\\Host\\NHSTW32.EXE"=
    "c:\\Program Files\\ActiveFax\\Client\\ActFaxClient.exe"=
    "c:\\Program Files\\AutoQuotes\\AQNet6.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
    "c:\\Program Files\\PamperedPartnerPlus\\PamperedPartnerPlus.exe"=
    "c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=
    "c:\\Program Files\\Verizon Wireless\\Firmware Updates\\Novatel\\DUU_Verizon_PC770_FW167.029.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\pbest\\My Documents\\My Pictures\\PDFConverterSetup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [8/31/2009 10:34 AM 92432]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 11:07 AM 320800]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 10:19 AM 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 10:19 AM 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 8:06 PM 443168]
    R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058);c:\program files\Numara Software\Remote\Host\NHOSTSVC.EXE [8/31/2009 10:34 AM 1499408]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2009 1:29 PM 112128]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [8/26/2009 2:38 PM 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/26/2009 2:07 PM 244368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/26/2011 2:54 PM 102448]
    R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [8/31/2009 10:34 AM 3216]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2011 2:05 PM 136176]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
    S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
    S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
    S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [8/27/2009 4:18 PM 58240]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 7:00 PM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 18:05]
    .
    2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 18:05]
    .
    2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{98A4784B-8987-48D1-A068-C8576F85AB4D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{9B5CEC4A-EEAE-4576-86B6-04AA510AA859}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 10.201.1.2:80
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    HKCU-Run-C:!Documents and Settings!pbest!Local Settings!Application Data!Google!Chrome!User Data_service_run - c:\documents and settings\pbest\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
    SafeBoot-Symantec Antvirus
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-3282912111.www.aq360.com - c:\program files\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-21 12:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1796)
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'explorer.exe'(4664)
    c:\windows\system32\WININET.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Numara Software\Remote\Host\NHSTW32.EXE
    c:\program files\Numara Software\Remote\Host\nldrw32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\IDT\WDM\sttray.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-04-21 12:15:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-21 16:15
    .
    Pre-Run: 42,391,773,184 bytes free
    Post-Run: 42,338,816,000 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - C0D6B6C96EE93B0BF4B28CBDCC6C51E0
     
  5. Bobbye

    After looking at the Combofix log, it is evident that this is a work system. While I am glad to assist members who may also use their system as part of their work, I don't attempt to replace the IT for the office:

    There is a great deal of software on this system pointing directly to a work-related environment. Programs like:
    c:\program files\PamperedPartnerPlus>> (pampered chef consultant software)
    c:\program files\Numara Software\Remote\Host\NHSTW32.EXE
    c:\program files\Numara Software\Remote\Host\nldrw32.exe

    A log on of this:
    - - - - - - - > 'winlogon.exe'(1796)
    c:\windows\system32\netprovcredman.dll> Network Provider Credentials Manager

    You do have Best Malware Protection on the system which is a rogue anti-spyware program from the same family as Personal Internet Security 2011. It is hard to believe that Malwarebytes found nothing, but then you did not include the log.

    Please bring the system back to the attention of the IT. Tell him/her that some things were missed. If you were given this system to use as an employee, that is where you should go.

    If this is to be a personal computer for you, I would recommend doing a reformat/reinstall and only adding your own personal programs and apps.

    Combofix has removed entries; there is also some indication that an infected flash drive was used. If that is the case, you need to disinfect it, and any other movable devices: if they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
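As an added example (not code from the thread, from ComboFix, or from the helper), a small Python triage script for the ComboFix log format shown above: it parses the `R*/S*` service lines and the per-user `u...` Internet Settings lines, and flags service entries with no file on disk (the `[x]` suffix), service binaries living under a user profile or temp directory, and a per-user proxy setting, which on a managed work laptop is normally legitimate and should be confirmed with IT rather than assumed malicious. The sample lines are copied from the log above; the regexes and the flag categories are my own assumptions, not ComboFix's.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 8:06 PM 443168]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2011 2:05 PM 136176]
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.201.1.2:80
uInternet Settings,ProxyOverride = <local>
"""

# "R2 name;display;path [date size]"; a trailing "[x]" marks an entry with no file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$")
# "uKey = value": the leading "u" means a per-user (HKCU) setting, "m" a machine-wide one.
SETTING_RE = re.compile(r"^(?P<scope>[um])(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
# Service binaries under a user profile or temp directory deserve a second look (assumed heuristic).
USER_PATH_RE = re.compile(r"\\(documents and settings|temp)\\", re.IGNORECASE)


def parse_service(line):
    """Split one service line into its fields, or return None if it is not a service line."""
    m = SERVICE_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text):
    """Return (reason, detail) pairs for log lines a reviewer should confirm by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        svc = parse_service(line)
        if svc:
            if svc["meta"] == "x" or not svc["path"]:
                findings.append(("service entry with no file on disk", svc["name"]))
            elif USER_PATH_RE.search(svc["path"]):
                findings.append(("service binary under user profile/temp", svc["path"]))
            continue
        st = SETTING_RE.match(line)
        if st and st["scope"] == "u" and st["key"].endswith("ProxyServer"):
            # Common on corporate laptops; with a redirect complaint it is still worth confirming with IT.
            findings.append(("per-user proxy configured", st["value"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```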
     