Ugh...she told me she wasn't able to connect to the internet. When I looked at her computer, I noticed Norton 360 wasn't running and I couldn't get it to start. Fortunately she had Malwarebytes previously installed and although I couldn't update the database (no connection), running it did show that she had PUM.Hijack.Startmenu. I had it cleaned but still no luck get Norton to start or connecting to the internet. (Logs below) Doing some reading, I found and ran Marwarebytes Anti-RootKit. It found 2 things including Spyware.PWS and PUM.Hijack.Startmenu again. (Logs below) From this site, I downloaded DDS and ran it. (Log below). Any help is appreciated.
-----------------------------------------
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob H :: REGINA [administrator]
11/17/2012 9:10:17 AM
mbam-log-2012-11-17 (09-10-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229104
Time elapsed: 21 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.03.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob H :: REGINA [administrator]
11/19/2012 8:49:29 AM
mbar-log-2012-11-19 (08-49-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28234
Time elapsed: 38 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Delete on reboot. [f1103163a1bc41f5753e30e7d1331de3]
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Jeannie\Local Settings\Temp\~DFBD3C.tmp (Spyware.PWS) -> Delete on reboot. [0cf593013429c6708c6b5f7ea063eb15]
(end)
-------------------------------
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Bob H at 9:55:03 on 2012-11-19
#Option Extended Search is enabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.564 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WLService.exe
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AGV3.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CNavExtBho Class: {BDF3E430-B101-42AD-A544-FADC6B084872} -
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton AntiVirus: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRunOnce: [Z1] c:\documents and settings\bob h\desktop\mbar\mbar.exe /cleanup /s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_Win32.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://slnj.mylinksyscam.com:1025/img/LinksysMLViewer.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.104/NetCamPlayerWeb11gv2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{BBFACFB2-FA12-4D1F-A203-002E71665BEF} : DHCPNameServer = 192.168.2.1 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1 - {9EF34FF2-3396-4527-9D27-04C8C1C67806} - c:\program files\microsoft antispyware\shellextension.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-9 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-30 136312]
R2 WPC55AGV3;WPC55AGV3;c:\program files\dual-band wireless a+g notebook adapter\WLService.exe [2011-7-1 41025]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2011-1-28 36224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120210.002\IDSXpx86.sys [2012-2-10 356280]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-19 35144]
S2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\jeannie\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\jeannie\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120210.035\NAVENG.SYS [2012-2-11 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120210.035\NAVEX15.SYS [2012-2-11 1576312]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2011-1-28 134912]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 60 ================
.
2012-11-19 14:45:2635144----a-w-c:\windows\system32\drivers\mbamchameleon.sys
2012-11-17 18:59:37--------d-----w-c:\windows\system32\wbem\repository\FS
2012-11-17 18:59:37--------d-----w-c:\windows\system32\wbem\Repository
2012-11-17 18:41:23--------d-----w-c:\documents and settings\bob h\local settings\application data\NPE
2012-11-17 14:09:47--------d-----w-c:\documents and settings\bob h\application data\Malwarebytes
2012-11-17 14:04:08--------d-----w-c:\documents and settings\all users\application data\PC Tools
2012-11-12 15:57:11--------d-----w-c:\program files\D-Link
2012-10-02 18:04:2158368------w-c:\windows\system32\dllcache\synceng.dll
2012-09-24 21:05:4291648----a-w-c:\windows\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
2012-09-24 21:05:4138400----a-w-c:\windows\system32\hpz3l4sa.dll
2012-09-24 21:04:11286720----a-r-c:\windows\system32\HPZc3212.dll
2012-09-24 21:04:10258122----a-r-c:\windows\system32\hpovst09.dll
2012-09-24 21:04:09835072----a-r-c:\windows\system32\hpwtiop1.dll
2012-09-24 21:04:08876544----a-r-c:\windows\system32\hpwwiax1.dll
.
==================== Find6M ====================
.
2012-10-22 08:37:311866368----a-w-c:\windows\system32\win32k.sys
2012-10-02 18:04:2158368----a-w-c:\windows\system32\synceng.dll
2012-08-28 15:14:53916992----a-w-c:\windows\system32\wininet.dll
2012-08-28 15:14:5343520----a-w-c:\windows\system32\licmgr10.dll
2012-08-28 15:14:521469440------w-c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15385024----a-w-c:\windows\system32\html.iec
2012-08-24 13:53:22177664----a-w-c:\windows\system32\wintrust.dll
2012-08-21 13:29:192192896----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:062069632----a-w-c:\windows\system32\ntkrnlpa.exe
2012-07-06 13:58:5178336----a-w-c:\windows\system32\browser.dll
2012-07-04 14:05:18139784----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-05 15:50:251372672----a-w-c:\windows\system32\msxml6.dll
2012-06-05 15:50:251172480----a-w-c:\windows\system32\msxml3.dll
2012-06-04 04:32:08152576----a-w-c:\windows\system32\schannel.dll
2012-06-02 19:19:4422040----a-w-c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38219160----a-w-c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:3815384----a-w-c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:3415384----a-w-c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:3017944----a-w-c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58275696----a-w-c:\windows\system32\mucltui.dll
2012-06-02 19:18:58214256----a-w-c:\windows\system32\muweb.dll
2012-06-02 19:18:5817136----a-w-c:\windows\system32\mucltui.dll.mui
2012-06-01 16:50:06601088----a-w-c:\windows\system32\crypt32.dll
2012-01-31 01:14:4438808920----a-w-c:\program files\FileFormatConverters.exe
.
============= FINISH: 9:56:11.89 ===============
-----------------------------------------
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob H :: REGINA [administrator]
11/17/2012 9:10:17 AM
mbam-log-2012-11-17 (09-10-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229104
Time elapsed: 21 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.03.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob H :: REGINA [administrator]
11/19/2012 8:49:29 AM
mbar-log-2012-11-19 (08-49-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28234
Time elapsed: 38 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Delete on reboot. [f1103163a1bc41f5753e30e7d1331de3]
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Jeannie\Local Settings\Temp\~DFBD3C.tmp (Spyware.PWS) -> Delete on reboot. [0cf593013429c6708c6b5f7ea063eb15]
(end)
-------------------------------
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Bob H at 9:55:03 on 2012-11-19
#Option Extended Search is enabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.564 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WLService.exe
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AGV3.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CNavExtBho Class: {BDF3E430-B101-42AD-A544-FADC6B084872} -
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton AntiVirus: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRunOnce: [Z1] c:\documents and settings\bob h\desktop\mbar\mbar.exe /cleanup /s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_Win32.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://slnj.mylinksyscam.com:1025/img/LinksysMLViewer.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.104/NetCamPlayerWeb11gv2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{BBFACFB2-FA12-4D1F-A203-002E71665BEF} : DHCPNameServer = 192.168.2.1 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1 - {9EF34FF2-3396-4527-9D27-04C8C1C67806} - c:\program files\microsoft antispyware\shellextension.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-9 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-30 136312]
R2 WPC55AGV3;WPC55AGV3;c:\program files\dual-band wireless a+g notebook adapter\WLService.exe [2011-7-1 41025]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2011-1-28 36224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120210.002\IDSXpx86.sys [2012-2-10 356280]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-19 35144]
S2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\jeannie\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\jeannie\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120210.035\NAVENG.SYS [2012-2-11 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120210.035\NAVEX15.SYS [2012-2-11 1576312]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2011-1-28 134912]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 60 ================
.
2012-11-19 14:45:2635144----a-w-c:\windows\system32\drivers\mbamchameleon.sys
2012-11-17 18:59:37--------d-----w-c:\windows\system32\wbem\repository\FS
2012-11-17 18:59:37--------d-----w-c:\windows\system32\wbem\Repository
2012-11-17 18:41:23--------d-----w-c:\documents and settings\bob h\local settings\application data\NPE
2012-11-17 14:09:47--------d-----w-c:\documents and settings\bob h\application data\Malwarebytes
2012-11-17 14:04:08--------d-----w-c:\documents and settings\all users\application data\PC Tools
2012-11-12 15:57:11--------d-----w-c:\program files\D-Link
2012-10-02 18:04:2158368------w-c:\windows\system32\dllcache\synceng.dll
2012-09-24 21:05:4291648----a-w-c:\windows\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
2012-09-24 21:05:4138400----a-w-c:\windows\system32\hpz3l4sa.dll
2012-09-24 21:04:11286720----a-r-c:\windows\system32\HPZc3212.dll
2012-09-24 21:04:10258122----a-r-c:\windows\system32\hpovst09.dll
2012-09-24 21:04:09835072----a-r-c:\windows\system32\hpwtiop1.dll
2012-09-24 21:04:08876544----a-r-c:\windows\system32\hpwwiax1.dll
.
==================== Find6M ====================
.
2012-10-22 08:37:311866368----a-w-c:\windows\system32\win32k.sys
2012-10-02 18:04:2158368----a-w-c:\windows\system32\synceng.dll
2012-08-28 15:14:53916992----a-w-c:\windows\system32\wininet.dll
2012-08-28 15:14:5343520----a-w-c:\windows\system32\licmgr10.dll
2012-08-28 15:14:521469440------w-c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15385024----a-w-c:\windows\system32\html.iec
2012-08-24 13:53:22177664----a-w-c:\windows\system32\wintrust.dll
2012-08-21 13:29:192192896----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:062069632----a-w-c:\windows\system32\ntkrnlpa.exe
2012-07-06 13:58:5178336----a-w-c:\windows\system32\browser.dll
2012-07-04 14:05:18139784----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-05 15:50:251372672----a-w-c:\windows\system32\msxml6.dll
2012-06-05 15:50:251172480----a-w-c:\windows\system32\msxml3.dll
2012-06-04 04:32:08152576----a-w-c:\windows\system32\schannel.dll
2012-06-02 19:19:4422040----a-w-c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38219160----a-w-c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:3815384----a-w-c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:3415384----a-w-c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:3017944----a-w-c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58275696----a-w-c:\windows\system32\mucltui.dll
2012-06-02 19:18:58214256----a-w-c:\windows\system32\muweb.dll
2012-06-02 19:18:5817136----a-w-c:\windows\system32\mucltui.dll.mui
2012-06-01 16:50:06601088----a-w-c:\windows\system32\crypt32.dll
2012-01-31 01:14:4438808920----a-w-c:\program files\FileFormatConverters.exe
.
============= FINISH: 9:56:11.89 ===============