As the title states, I recently got a virus and it has blocked my access to tne internet. I finally tried to fix it by updating my antivirus software and realized I couldn't upgrade without an internet connect. Anyone have any helpful hints?
Jef1308 0 Newbie Poster
Jef1308 0 Newbie Poster
Sorry I noticed the "read me" after I posted this. I am in the process of running all of the scans on my computer but will post result after I get some sleep. I have ran the ATF, GMER, and am currently running MBAM. The first GMER ran correctly and I have the logs saved from the scan but shut itself down after I tried the second scan. I was curious if this was because I left too many boxes checked (i.e. the devices, modules, etc.). Should those be unselected?
Like I said I will post the GMER One, DDS, and MBAM logs after I finish them tomorrow.
Jef1308 0 Newbie Poster
After a night of sleep I am feeling much better and have gotten all of the logs that I was able to get. The only one that should be missing (Unless I overlooked something) should be the GMER Two log. As I stated above, it shutdown in the middle of the scan.
GMER One
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-22 04:48:58
Windows 6.0.6001 Service Pack 1
Running: kz4bwdro.exe; Driver: C:\Users\jef\AppData\Local\Temp\uwldypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4461
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
8/22/2010 3:41:51 PM
mbam-log-2010-08-22 (15-41-51).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 323489
Time elapsed: 4 hour(s), 9 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0f371d7-926d-4700-b65e-63bff1197205} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0b876028-b388-4f6d-922f-f52faec8535f} (Adware.NetPumper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\Windows\System32\238044 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\WeFiBar\tbWeFi.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Users\jef\Downloads\PopularScreensaversSetup2.3.50.22.ZRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
DDS and Attach
DDS (Ver_10-03-17.01) - NTFSx86
Run by jef at 16:02:40.40 on Sun 08/22/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.261 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Program Files\Windows SSL Transport\servlnks.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Absolute Software\LoJack for Laptops Notifier 2\LoJackNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\AbtSvcHost_.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearch Bar = hxxp://www.Google.com/
uSearch Page = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mDefault_Search_URL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearch Page = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55636
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.Google.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jef\appdata\roaming\mozilla\firefox\profiles\b0q2csts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55636
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20091217.001\IDSvix86.sys [2009-12-18 286768]
R2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-7-16 49584]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-10-30 149352]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 servlnks;servlnks;c:\program files\windows ssl transport\servlnks.exe [2008-5-20 9728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-6-21 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c994c7ef977a09;Google Update Service (gupdate1c994c7ef977a09);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-7-25 28672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-08-22 10:15:07 0 d-----w- c:\users\jef\appdata\roaming\Malwarebytes
2010-08-22 10:14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 10:14:37 0 d-----w- c:\programdata\Malwarebytes
2010-08-22 10:14:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 10:14:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 03:30:12 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-16 03:27:29 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-16 03:27:21 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 03:27:11 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-16 03:27:10 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-16 03:27:02 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-16 03:26:50 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-16 03:26:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-16 03:25:16 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
==================== Find3M ====================
2010-08-22 20:47:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-22 20:47:13 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-17 11:35:56 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52:12 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52:12 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-03-17 02:06:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-17 02:06:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-17 02:06:30 86016 ----a-w- c:\windows\inf\infstor.dat
2008-11-28 08:17:44 174 --sha-w- c:\program files\desktop.ini
2008-11-28 01:16:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-11-22 14:55:54 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 16:03:27.43 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 6/20/2008 8:34:45 PM
System Uptime: 8/22/2010 3:46:05 PM (1 hours ago)
Motherboard: Dell Inc. | | 0UW953
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 102 GiB total, 22.66 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.864 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP533: 8/4/2010 3:00:17 AM - Windows Update
RP534: 8/15/2010 10:02:36 PM - Windows Update
RP535: 8/16/2010 5:17:52 PM - Windows Update
RP536: 8/18/2010 12:00:07 AM - Scheduled Checkpoint
RP537: 8/18/2010 3:00:48 AM - Windows Update
RP538: 8/22/2010 3:20:03 AM - Windows Update
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
AIM 7
AIM Toolbar
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Bonjour
Canon Inkjet Printer Driver Add-On Module
ccCommon
CCleaner (remove only)
CLUE Classic
CLUE Classic (remove only)
Component Framework
Conexant HDA D110 MDC V.92 Modem
DivX Web Player
Download Updater (AOL LLC)
DX-Ball 1.09
eBay Desktop
Flow Chart Maker
Freedom Surfing Toolkit
GameSpy Arcade
Google Earth
Google Update Helper
Google Updater
Graboid Video 1.5
GTA San Andreas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.8.0
LiveUpdate (Symantec Corporation)
LoJack for Laptops Notifier
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files: Huntsville
Nero 8
neroxml
Netflix Movie Viewer
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton PC Checkup
Norton Protection Center
OpenOffice.org Installer 1.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoLAN VLC media player 0.8.6d
VNC Free Edition 4.1.3
WeFi 3.6.0.7
WeFiBar Toolbar
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
==== End Of File ===========================
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Hi and welcome to the Daniweb forums :).
==========
You are not running DDS from the desktop as requested in the sticky. Please move it to that location.
----
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply.
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
Jef1308 0 Newbie Poster
Sorry about that. Here are the DDS, Attach, and the CF logs. Also, should I attempt to run the GMER scans again?
DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by jef at 13:05:44.57 on Mon 08/23/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.350 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Program Files\Windows SSL Transport\servlnks.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Absolute Software\LoJack for Laptops Notifier 2\LoJackNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\AbtSvcHost_.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jef\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearch Bar = hxxp://www.Google.com/
uSearch Page = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mDefault_Search_URL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearch Page = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55636
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.Google.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jef\appdata\roaming\mozilla\firefox\profiles\b0q2csts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55636
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20091217.001\IDSvix86.sys [2009-12-18 286768]
R2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-7-16 49584]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-10-30 149352]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 servlnks;servlnks;c:\program files\windows ssl transport\servlnks.exe [2008-5-20 9728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-1 102448]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-6-21 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c994c7ef977a09;Google Update Service (gupdate1c994c7ef977a09);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-7-25 28672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-08-22 10:15:07 0 d-----w- c:\users\jef\appdata\roaming\Malwarebytes
2010-08-22 10:14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 10:14:37 0 d-----w- c:\programdata\Malwarebytes
2010-08-22 10:14:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 10:14:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 03:30:12 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-16 03:27:29 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-16 03:27:21 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 03:27:11 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-16 03:27:10 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-16 03:27:02 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-16 03:26:50 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-16 03:26:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-16 03:25:16 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
==================== Find3M ====================
2010-08-23 14:34:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-23 01:24:06 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-17 11:35:56 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52:12 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52:12 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-03-17 02:06:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-17 02:06:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-17 02:06:30 86016 ----a-w- c:\windows\inf\infstor.dat
2008-11-28 08:17:44 174 --sha-w- c:\program files\desktop.ini
2008-11-28 01:16:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-11-22 14:55:54 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:08:04.70 ===============
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 6/20/2008 8:34:45 PM
System Uptime: 8/23/2010 3:54:21 AM (10 hours ago)
Motherboard: Dell Inc. | | 0UW953
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 102 GiB total, 22.476 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.864 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
AIM 7
AIM Toolbar
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Bonjour
Canon Inkjet Printer Driver Add-On Module
ccCommon
CCleaner (remove only)
CLUE Classic
CLUE Classic (remove only)
Component Framework
Conexant HDA D110 MDC V.92 Modem
DivX Web Player
Download Updater (AOL LLC)
DX-Ball 1.09
eBay Desktop
Flow Chart Maker
Freedom Surfing Toolkit
GameSpy Arcade
Google Earth
Google Update Helper
Google Updater
Graboid Video 1.5
GTA San Andreas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.8.0
LiveUpdate (Symantec Corporation)
LoJack for Laptops Notifier
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files: Huntsville
Nero 8
neroxml
Netflix Movie Viewer
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton PC Checkup
Norton Protection Center
OpenOffice.org Installer 1.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoLAN VLC media player 0.8.6d
VNC Free Edition 4.1.3
WeFi 3.6.0.7
WeFiBar Toolbar
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
==== End Of File ===========================
CF log
ComboFix 10-08-22.07 - jef 08/23/2010 13:38:35.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.240 [GMT -5:00]
Running from: c:\users\jef\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
c:\users\jef\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
.
((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 19:00 . 2010-08-23 19:01 -------- d-----w- c:\users\jef\AppData\Local\temp
2010-08-23 19:00 . 2010-08-23 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-22 10:15 . 2010-08-22 10:15 -------- d-----w- c:\users\jef\AppData\Roaming\Malwarebytes
2010-08-22 10:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\programdata\Malwarebytes
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 10:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 03:30 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-16 03:27 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-16 03:27 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 03:27 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-16 03:27 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-16 03:27 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-16 03:26 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-16 03:26 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-16 03:25 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 18:24 . 2008-06-21 01:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-23 18:24 . 2008-06-21 01:19 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-23 14:47 . 2009-02-22 08:30 -------- d-----w- c:\programdata\Google Updater
2010-08-22 20:41 . 2009-06-24 00:40 -------- d-----w- c:\program files\WeFiBar
2010-08-18 08:10 . 2008-06-23 04:52 -------- d-----w- c:\programdata\Microsoft Help
2010-08-18 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-17 11:36 . 2010-07-17 11:36 -------- d-----w- c:\program files\Absolute Software
2010-07-17 11:35 . 2010-07-17 11:35 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52 . 2010-07-16 10:49 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52 . 2010-07-12 16:52 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-06-30 08:06 . 2008-06-23 05:02 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:17 . 2010-08-16 03:29 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-16 03:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 15:31 . 2010-08-16 03:29 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-26 16:16 . 2010-06-11 02:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 02:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-11-22 14:55 . 2006-11-22 14:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c994c7ef977a09;Google Update Service (gupdate1c994c7ef977a09);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-04 103280]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 servlnks;servlnks;c:\program files\Windows SSL Transport\servlnks.exe [2008-05-21 9728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 22:52]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-18 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - jef.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{263FAB15-CC4D-4967-A7FE-99CCF525FEEF}.job
- c:\windows\system32\msfeedssync.exe [2008-06-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55636
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jef\AppData\Roaming\Mozilla\Firefox\Profiles\b0q2csts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55636
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 14:01
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 14:08:02
ComboFix-quarantined-files.txt 2010-08-23 19:07
Pre-Run: 24,013,471,744 bytes free
Post-Run: 24,356,462,592 bytes free
- - End Of File - - DE8A023F1043F1EDA3D28E23B0BF5CF4
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:55636
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========
Please download JavaRa
If you get this message:
Problems with the download? Please use this direct link or try another mirror.
Select the Direct link download unzip it to your Desktop.
Double click JavaRa.exe then click Remove Older Versions.
Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.
Next, open JavaRa.exe again, and select Search For Updates.
Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..
In Vista and Windows 7 run the tool as Administrator.
Edited by crunchie because: n/a
Jef1308 0 Newbie Poster
Everything ran smoothly up until I went to update using the website. I use Firefox and whenever it tries to pull up a webpage I get the message "The Proxy Server is refusing connection." I have the second JavaRa and second CF logs to follow. Also, I am going into work but will check back in tonight when I get off to do whatever else is required to get my laptop back up and running. Thanks in advance for all of the help.
CF log
ComboFix 10-08-22.07 - jef 08/23/2010 16:34:45.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.325 [GMT -5:00]
Running from: c:\users\jef\Desktop\ComboFix.exe
Command switches used :: c:\users\jef\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 21:51 . 2010-08-23 21:51 -------- d-----w- c:\users\jef\AppData\Local\temp
2010-08-23 21:51 . 2010-08-23 21:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-23 21:51 . 2010-08-23 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-23 20:07 . 2010-08-23 20:07 -------- d-----w- c:\users\jef\AppData\Local\Absolute_Software
2010-08-22 10:15 . 2010-08-22 10:15 -------- d-----w- c:\users\jef\AppData\Roaming\Malwarebytes
2010-08-22 10:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\programdata\Malwarebytes
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 10:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 03:30 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-16 03:27 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-16 03:27 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 03:27 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-16 03:27 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-16 03:27 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-16 03:26 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-16 03:26 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-16 03:25 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 18:24 . 2008-06-21 01:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-23 18:24 . 2008-06-21 01:19 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-23 14:47 . 2009-02-22 08:30 -------- d-----w- c:\programdata\Google Updater
2010-08-22 20:41 . 2009-06-24 00:40 -------- d-----w- c:\program files\WeFiBar
2010-08-18 08:10 . 2008-06-23 04:52 -------- d-----w- c:\programdata\Microsoft Help
2010-08-18 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-17 11:36 . 2010-07-17 11:36 -------- d-----w- c:\program files\Absolute Software
2010-07-17 11:35 . 2010-07-17 11:35 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52 . 2010-07-16 10:49 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52 . 2010-07-12 16:52 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-06-30 08:06 . 2008-06-23 05:02 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:17 . 2010-08-16 03:29 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-16 03:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 15:31 . 2010-08-16 03:29 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-26 16:16 . 2010-06-11 02:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 02:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-11-22 14:55 . 2006-11-22 14:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c994c7ef977a09;Google Update Service (gupdate1c994c7ef977a09);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-04 103280]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 servlnks;servlnks;c:\program files\Windows SSL Transport\servlnks.exe [2008-05-21 9728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 22:52]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-18 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - jef.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{263FAB15-CC4D-4967-A7FE-99CCF525FEEF}.job
- c:\windows\system32\msfeedssync.exe [2008-06-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jef\AppData\Roaming\Mozilla\Firefox\Profiles\b0q2csts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55636
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 16:51
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 16:57:45
ComboFix-quarantined-files.txt 2010-08-23 21:57
ComboFix2.txt 2010-08-23 19:08
Pre-Run: 24,359,923,712 bytes free
Post-Run: 24,125,497,344 bytes free
- - End Of File - - 47485A6C14789050C77FF176A4525A93
JavaRa
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 23 17:15:08 2010
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Classes\JavaPlugin.160_07
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: Software\Classes\JavaPlugin.160_07
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07
Found and removed: Software\JavaSoft\Java2D\1.6.0_07
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
------------------------------------
Finished reporting.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
DDS::
FF - prefs.js: network.proxy.http_port - 55636
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=============
Can you connect with FF now?
Edited by crunchie because: n/a
Jef1308 0 Newbie Poster
No, still no connection. It's not just FF either, my IE can't connect as well. CF logs to follow. Can you tell if my Antivirus is causing the problem? I have tried disabling everything I can find but it still gives me the prompt that I have software running. Would uninstalling it do the trick?
CF
ComboFix 10-08-22.07 - jef 08/23/2010 23:29:25.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.260 [GMT -5:00]
Running from: c:\users\jef\Desktop\ComboFix.exe
Command switches used :: c:\users\jef\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-24 04:47 . 2010-08-24 04:47 -------- d-----w- c:\users\jef\AppData\Local\temp
2010-08-24 04:47 . 2010-08-24 04:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-24 04:47 . 2010-08-24 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-23 20:07 . 2010-08-23 20:07 -------- d-----w- c:\users\jef\AppData\Local\Absolute_Software
2010-08-22 10:15 . 2010-08-22 10:15 -------- d-----w- c:\users\jef\AppData\Roaming\Malwarebytes
2010-08-22 10:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\programdata\Malwarebytes
2010-08-22 10:14 . 2010-08-22 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 10:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 03:30 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-16 03:27 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-16 03:27 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 03:27 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-16 03:27 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-16 03:27 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-16 03:26 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-16 03:26 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-16 03:25 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 04:17 . 2008-06-21 01:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-24 04:17 . 2008-06-21 01:19 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-23 14:47 . 2009-02-22 08:30 -------- d-----w- c:\programdata\Google Updater
2010-08-22 20:41 . 2009-06-24 00:40 -------- d-----w- c:\program files\WeFiBar
2010-08-18 08:10 . 2008-06-23 04:52 -------- d-----w- c:\programdata\Microsoft Help
2010-08-18 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-17 11:36 . 2010-07-17 11:36 -------- d-----w- c:\program files\Absolute Software
2010-07-17 11:35 . 2010-07-17 11:35 29184 ----a-w- c:\windows\system32\CtLoJack.dll
2010-07-12 16:52 . 2010-07-16 10:49 49584 ----a-w- c:\windows\system32\AbtSvcHost_.exe
2010-07-12 16:52 . 2010-07-12 16:52 49584 ----a-w- c:\windows\system32\AbtSvcHost.exe
2010-06-30 08:06 . 2008-06-23 05:02 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:17 . 2010-08-16 03:29 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-16 03:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 15:31 . 2010-08-16 03:29 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-26 16:16 . 2010-06-11 02:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 02:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-11-22 14:55 . 2006-11-22 14:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c994c7ef977a09;Google Update Service (gupdate1c994c7ef977a09);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2010-07-12 49584]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-04 103280]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 servlnks;servlnks;c:\program files\Windows SSL Transport\servlnks.exe [2008-05-21 9728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 22:52]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 08:31]
2010-08-18 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - jef.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{263FAB15-CC4D-4967-A7FE-99CCF525FEEF}.job
- c:\windows\system32\msfeedssync.exe [2008-06-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jef\AppData\Roaming\Mozilla\Firefox\Profiles\b0q2csts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55636
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 23:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 23:53:23
ComboFix-quarantined-files.txt 2010-08-24 04:53
ComboFix2.txt 2010-08-23 21:57
ComboFix3.txt 2010-08-23 19:08
Pre-Run: 23,907,917,824 bytes free
Post-Run: 23,920,898,048 bytes free
- - End Of File - - 70BC4B7D816BFA4AE80677CE0E34366F
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Have you tried going into Internet Options and checking the proxy settings? Make sure no proxy is set.
Which program are you talking about uninstalling?
Jef1308 0 Newbie Poster
Norton Antivirus. Everytime I run CF it says there is still a realtime scanner enabled and I can't seem to find it to disable it so I thought uninstalling might be the best bet.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Norton has certainly caused such problems in the past and the only way to definitely find out would be to uninstall it. Personally, I wouldn't have it on my PC :).
Jef1308 0 Newbie Poster
Sorry, that was exactly the problem. Now my FF and IE are both back up and running. Also, I updated to the latest version of Java. Is there anything else I need to do to finish getting my computer straightened out?
Oh and disregard the uninstalling thing. I thought my antivirus software was prohibiting CF to do its thing. Apparently it did what it was suppose to do anyway.
Jef1308 0 Newbie Poster
Ah I never noticed the second page of this forum, so I didn't see that message until I replied. Anyway, I will probably uninstall it because my school gave me a copy of Symnatec, or whatever it is called.
I believe you have fixed everything I had a problem with though. Thanks a ton, I am forever indebted to you.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Remember that Symantec is Norton :).
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
Jef1308 0 Newbie Poster
Alright, OTC has been ran and everything was removed. Thanks again for all of your help.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
No worries :).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.