Shields

1. ComboFix 12-12-30.01 - Gregg Shields 12/31/2012 2:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1587 [GMT -6:00]
Running from: c:\documents and settings\Gregg Shields\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\7q4da2444o4nswy
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL149.tmp
c:\documents and settings\All Users\SPL18B.tmp
c:\documents and settings\All Users\SPL5.tmp
c:\documents and settings\All Users\SPL50.tmp
c:\documents and settings\All Users\SPL6.tmp
c:\documents and settings\All Users\SPL64.tmp
c:\documents and settings\All Users\SPL7.tmp
c:\documents and settings\Gregg Shields\Application Data\.#
c:\documents and settings\Gregg Shields\awt43abr.exe
c:\documents and settings\Gregg Shields\g2mdlhlpx.exe
c:\documents and settings\Gregg Shields\GoToAssistDownloadHelper.exe
c:\documents and settings\Gregg Shields\Local Settings\Application Data\7q4da2444o4nswy
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\$NtUninstallKB54015$
c:\windows\$NtUninstallKB54015$\520828843
c:\windows\$NtUninstallKB54015$\599585091\@
c:\windows\$NtUninstallKB54015$\599585091\Desktop.ini
c:\windows\$NtUninstallKB54015$\599585091\L\00000004.@
c:\windows\$NtUninstallKB54015$\599585091\L\201d3dde
c:\windows\$NtUninstallKB54015$\599585091\L\76603ac3
c:\windows\$NtUninstallKB54015$\599585091\L\rohepcid
c:\windows\$NtUninstallKB54015$\599585091\U\00000004.@
c:\windows\$NtUninstallKB54015$\599585091\U\00000008.@
c:\windows\$NtUninstallKB54015$\599585091\U\000000cb.@
c:\windows\$NtUninstallKB54015$\599585091\U\80000000.@
c:\windows\$NtUninstallKB54015$\599585091\U\80000032.@
c:\windows\system32\SET113.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 07:58 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-12-31 07:58 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-12-30 17:50 . 2012-12-31 00:45 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Stand O'Food 3
2012-12-21 19:10 . 2012-12-21 19:10 -------- d-----w- c:\program files\iPod
2012-12-21 19:10 . 2012-12-21 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-21 06:07 . 2012-12-27 03:23 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Rainbow
2012-12-20 02:20 . 2012-12-20 02:20 -------- d-----w- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Smilebox
2012-12-20 02:19 . 2012-12-28 15:25 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Smilebox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 15:55 . 2012-04-24 14:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:55 . 2011-07-19 13:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-02 18:04 . 2008-04-25 16:16 58368 ----a-w- c:\windows\system32\synceng.dll
2012-07-04 18:31 . 2011-05-16 02:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\documents and settings\Gregg Shields\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-7-23 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]
Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-04 22:14 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-07-31 20:00 1626112 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-04 22:29 178712 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-04 22:30 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]
2010-02-04 05:10 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-12-29 21:35 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-04 22:29 150040 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-04 22:14 18084864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/1/2012 6:14 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/1/2012 6:14 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 5:34 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/1/2012 6:14 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/1/2012 6:14 PM 149624]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 DockLoginService;Dock Login Service;c:\program files\DELL\DellDock\DockLogin.exe [6/9/2009 8:11 AM 155648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 352248]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [12/25/2010 4:09 PM 94208]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/14/2011 3:57 PM 148520]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/1/2012 6:14 PM 138272]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [1/11/2012 10:53 PM 135608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 12:12 PM 106656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/20/2010 1:02 PM 16512]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 11:59 AM 206072]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121127.001\IDSXpx86.sys [11/28/2012 7:57 AM 373728]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [5/7/2010 6:36 AM 92008]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 15:55]
.
2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 14:26]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 14:26]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148726867-3119766015-2641412422-1005Core.job
- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 02:37]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148726867-3119766015-2641412422-1005UA.job
- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 02:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
FF - ProfilePath - c:\documents and settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-04 00:37; {98e34367-8df7-42b4-837b-20b892ff0849}; c:\program files\iWin Games\firefox
FF - ExtSQL: !HIDDEN! 2009-11-03 16:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Security Protection - c:\documents and settings\All Users\Application Data\defender.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 02:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\docume~1\GREGGS~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-12-31 02:24:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-31 08:24
.
Pre-Run: 229,879,832,576 bytes free
Post-Run: 232,783,548,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 37A05D26BF9D62D09ED0C5898662A604

No major problems other than ComboFix kept saying it was taking longer than usual because of the amount of issues it was finding. But I guess that's a good thing! The pop-ups and redirects don't seem to be happening for now.

Thank you!
2. And here's the Rogue Killer Log:

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Gregg Shields [Admin rights]
Mode : Remove -- Date : 12/31/2012 00:28:35

¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.dll -> UNLOADED
[SUSP PATH] chrome_frame_helper.exe -- C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe -> KILLED [TermProc]
[SUSP PATH] SmileboxTray.exe -- C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe" --startup) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe") -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DISABLETASKMGR (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> REPLACED (C:\WINDOWS\web\wallpaper\Bliss.bmp)
[SHELLSPWN] HKLM\[...]\command : ("%1" %*) -> REPLACED ("%1" %*)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x8A47ABE0)
SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x8A4EDDE8)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x8A43C778)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x8A4210D8)
SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x89C12D90)
SSDT[43] : NtCreateMutant @ 0x806176DE -> HOOKED (Unknown @ 0x8A387BA8)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A7459C0)
SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A450EE0)
SSDT[57] : NtDebugActiveProcess @ 0x80643B6E -> HOOKED (Unknown @ 0x8A421110)
SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x8A613C70)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x895F5098)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9288 -> HOOKED (Unknown @ 0x8A464BC8)
SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x8A45C968)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89D0E858)
SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x89C42998)
SSDT[114] : NtOpenEvent @ 0x8060F09C -> HOOKED (Unknown @ 0x8A4470A8)
SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x895FD278)
SSDT[123] : NtOpenProcessToken @ 0x805EDF56 -> HOOKED (Unknown @ 0x8A532438)
SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A439B58)
SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x89C29290)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x8A5524F0)
SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x8A48D390)
SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x8A533BF8)
SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x8A5ABD80)
SSDT[240] : NtSetSystemInformation @ 0x8060FD54 -> HOOKED (Unknown @ 0x8A410B58)
SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x8A4517A0)
SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x8A5165E0)
SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x8A551968)
SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8A5280A8)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x8A528B08)
SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x89790098)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A38FDB8)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A3855B8)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A385200)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A38E0D0)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A4779F0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A3A6C90)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A444A90)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A435350)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A526248)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A41CC88)

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 +++++
--- User ---
[MBR] b13f3f19a104f9c1ebdd96360509e4aa
[BSP] 3b83ad77660a0b1dca762ed603421109 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 295204 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12312012_02d0028.txt >>
RKreport[1]_S_12312012_02d0026.txt ; RKreport[2]_D_12312012_02d0028.txt
3. AdwCleaner Log:

# AdwCleaner v2.104 - Logfile created 12/31/2012 at 00:16:19
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gregg Shields - DEBBY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gregg Shields\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\iWin
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Gregg Shields\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Gregg Shields\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\RealoreStudios
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\RealoreStudios
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3030623
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60F83C46-D768-4511-B445-026781DBBDAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64D4A2F3-8201-4F6C-AEA5-26F1FEEC5067}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\Software\RealoreStudios
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Documents and Settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "RealoreStudios Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2412158&Sea[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc77c586%7D&mid=d29ddb7[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8[...]
Deleted [l.117] : homepage = "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc77c586%7D&mid=d29ddb76bb[...]
Deleted [l.390] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc7[...]

*************************

AdwCleaner[S1].txt - [7786 octets] - [31/12/2012 00:16:19]

########## EOF - C:\AdwCleaner[S1].txt - [7846 octets] ##########
4. DeFogger Log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:04 on 30/12/2012 (Gregg Shields)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Security Check Log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton 360 Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java 6 Update 17
Out of date Java installed!
Adobe Reader 9.5.2
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
Firefox Out of Date!
````````````````````````````````
Process Check: objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

The DDS Logs:

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/21/2010 9:13:54 PM
System Uptime: 12/30/2012 10:34:31 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 1184/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 212.262 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
==== Installed Programs ======================
.
Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/29/2012 3:37:19 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/29/2012 1:50:27 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/29/2012 1:50:27 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
12/29/2012 1:50:27 PM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Gregg Shields at 23:09:03 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.561 [GMT -6:00]
.
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe
C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gregg Shields\Desktop\Defogger.exe
C:\Documents and Settings\Gregg Shields\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uSearch Page = http://www.bing.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
uURLSearchHooks: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - <orphaned>
BHO: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - <orphaned>
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\gregg shields\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ChromeFrameHelper] "c:\documents and settings\gregg shields\local settings\application data\google\chrome\application\23.0.1271.97\chrome_frame_helper.exe" --startup
uRun: [SmileboxTray] "c:\documents and settings\gregg shields\application data\smilebox\SmileboxTray.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\greggs~1\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Search - http://tbedits.radiorage.com/one-toolbaredits/menusearch.jhtml?s=100000486&p2=^ZX^xdm003^S02516^us&si=CNmioPWUk7ICFWd-TAod01AAKg&a=0E497693-7B9E-4348-8731-E3B8E7E30149&n=2012083120&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Burger%20Bustle/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Burger%20Bustle/Images/armhelper.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vocus.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{84CF5CA3-01E7-49F1-899D-BBFD79990BE2} : DHCPNameServer = 192.168.1.1 68.238.96.12
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\gregg shields\local settings\application data\google\chrome\application\23.0.1271.97\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gregg shields\application data\mozilla\firefox\profiles\chhzo0n6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2412158&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\gregg shields\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\7\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-11-04
00:37; {98e34367-8df7-42b4-837b-20b892ff0849}; c:\program files\iwin games\firefox FF - ExtSQL: !HIDDEN! 2009-11-03 16:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 352248] R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?] 
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-12-25 94208] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-14 148520] R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-1-11 135608] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656] S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?] S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.17.20\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.17.20\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.17.20\ccSvcHst.exe [?] 
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-12-20 16512] S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072] S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121127.001\IDSXpx86.sys [2012-11-28 373728] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121128.003\NAVENG.SYS [2012-11-28 92704] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121128.003\NAVEX15.SYS [2012-11-28 1601184] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008] . =============== File Associations =============== . ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe" . =============== Created Last 30 ================ . 
2012-12-30 17:50:34 -------- d-----w- c:\documents and settings\gregg shields\application data\Stand O'Food 3 2012-12-28 21:47:57 123392 ----a-w- c:\documents and settings\gregg shields\awt43abr.exe 2012-12-21 19:10:40 -------- d-----w- c:\program files\iPod 2012-12-21 19:10:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-21 06:07:18 -------- d-----w- c:\documents and settings\gregg shields\application data\Rainbow 2012-12-20 02:20:03 -------- d-----w- c:\documents and settings\gregg shields\local settings\application data\Smilebox 2012-12-20 02:19:28 -------- d-----w- c:\documents and settings\gregg shields\application data\Smilebox . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 15:55:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 15:55:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll . ============= FINISH: 23:10:36.48 ===============
  5. I have a redirect virus involving all search engines, most of the time redirecting to "Live Search Now." Nothing found on quick scan, though. Below are the MBAM logs:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.12.27.09

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Gregg Shields :: DEBBY [administrator]

     12/30/2012 10:37:09 PM
     mbam-log-2012-12-30 (22-37-09).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 250607
     Time elapsed: 19 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)