Shields

Live Search Now Redirect Virus


I have a redirect virus involving all search engines, most of the time redirecting to "Live Search Now."

Nothing found on quick scan, though.

Below are the MBAM logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.27.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gregg Shields :: DEBBY [administrator]
12/30/2012 10:37:09 PM
mbam-log-2012-12-30 (22-37-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250607
Time elapsed: 19 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Hello

I need to get some reports to get a base to start from, so I need you to run these programs first.

-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and Logs-

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo


DeFogger Log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:04 on 30/12/2012 (Gregg Shields)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Security Check Log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Norton 360
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java 6 Update 17
Out of date Java installed!
Adobe Reader 9.5.2
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

The DDS Logs:

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/21/2010 9:13:54 PM

System Uptime: 12/30/2012 10:34:31 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0U880P

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 1184/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 212.262 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP475: 9/30/2012 9:10:22 AM - System Checkpoint

RP476: 10/1/2012 5:16:13 PM - System Checkpoint

RP477: 10/3/2012 8:11:41 AM - System Checkpoint

RP478: 10/4/2012 5:25:36 PM - System Checkpoint

RP479: 10/5/2012 6:40:57 PM - System Checkpoint

RP480: 10/6/2012 9:26:12 PM - System Checkpoint

RP481: 10/8/2012 1:09:18 AM - System Checkpoint

RP482: 10/9/2012 4:14:13 AM - System Checkpoint

RP483: 10/10/2012 3:00:23 AM - Software Distribution Service 3.0

RP484: 10/11/2012 3:02:17 AM - System Checkpoint

RP485: 10/12/2012 5:44:53 AM - System Checkpoint

RP486: 10/13/2012 8:52:31 AM - System Checkpoint

RP487: 10/14/2012 10:36:09 AM - System Checkpoint

RP488: 10/15/2012 11:24:19 AM - System Checkpoint

RP489: 10/16/2012 12:45:08 PM - System Checkpoint

RP490: 10/17/2012 1:32:58 PM - System Checkpoint

RP491: 10/18/2012 2:04:48 PM - System Checkpoint

RP492: 10/19/2012 10:58:11 PM - System Checkpoint

RP493: 10/21/2012 4:02:49 AM - System Checkpoint

RP494: 10/22/2012 7:04:52 AM - System Checkpoint

RP495: 10/23/2012 7:56:59 AM - System Checkpoint

RP496: 10/24/2012 12:43:14 PM - System Checkpoint

RP497: 10/25/2012 12:58:16 PM - System Checkpoint

RP498: 10/26/2012 6:43:56 PM - System Checkpoint

RP499: 10/27/2012 7:43:39 PM - System Checkpoint

RP500: 10/28/2012 9:14:00 PM - System Checkpoint

RP501: 10/29/2012 11:37:57 PM - System Checkpoint

RP502: 10/30/2012 11:56:48 PM - System Checkpoint

RP503: 11/1/2012 1:18:38 AM - System Checkpoint

RP504: 11/2/2012 4:04:23 PM - System Checkpoint

RP505: 11/3/2012 7:08:49 PM - System Checkpoint

RP506: 11/5/2012 5:25:32 AM - System Checkpoint

RP507: 11/6/2012 5:48:06 AM - System Checkpoint

RP508: 11/7/2012 6:14:20 AM - System Checkpoint

RP509: 11/8/2012 8:02:24 AM - System Checkpoint

RP510: 11/9/2012 9:05:51 AM - System Checkpoint

RP511: 11/10/2012 10:08:34 AM - System Checkpoint

RP512: 11/11/2012 1:58:57 PM - System Checkpoint

RP513: 11/12/2012 5:16:06 PM - System Checkpoint

RP514: 11/13/2012 6:23:07 PM - System Checkpoint

RP515: 11/15/2012 10:56:25 AM - System Checkpoint

RP516: 11/16/2012 3:00:28 AM - Software Distribution Service 3.0

RP517: 11/17/2012 3:42:36 AM - System Checkpoint

RP518: 11/18/2012 6:05:53 AM - System Checkpoint

RP519: 11/19/2012 11:08:17 AM - System Checkpoint

RP520: 11/20/2012 1:10:45 PM - System Checkpoint

RP521: 11/21/2012 3:07:45 PM - System Checkpoint

RP522: 11/26/2012 2:13:44 PM - System Checkpoint

RP523: 11/27/2012 2:55:15 PM - System Checkpoint

RP524: 11/28/2012 5:14:20 PM - System Checkpoint

RP525: 11/29/2012 8:40:35 PM - System Checkpoint

RP526: 11/30/2012 9:54:54 PM - System Checkpoint

RP527: 12/2/2012 1:27:13 AM - System Checkpoint

RP528: 12/3/2012 2:43:47 AM - System Checkpoint

RP529: 12/4/2012 4:40:15 AM - System Checkpoint

RP530: 12/5/2012 3:09:10 PM - System Checkpoint

RP531: 12/6/2012 4:11:23 PM - System Checkpoint

RP532: 12/7/2012 5:55:03 PM - System Checkpoint

RP533: 12/8/2012 9:09:02 PM - System Checkpoint

RP534: 12/9/2012 10:45:38 AM - Removed Vz In Home Agent.

RP535: 12/9/2012 10:45:59 AM - Installed Vz In Home Agent.

RP536: 12/10/2012 12:06:49 PM - System Checkpoint

RP537: 12/11/2012 1:58:58 PM - System Checkpoint

RP538: 12/12/2012 3:23:33 PM - System Checkpoint

RP539: 12/13/2012 3:00:16 AM - Software Distribution Service 3.0

RP540: 12/14/2012 3:54:26 AM - System Checkpoint

RP541: 12/15/2012 4:20:25 AM - System Checkpoint

RP542: 12/16/2012 7:05:14 AM - System Checkpoint

RP543: 12/17/2012 7:36:26 AM - System Checkpoint

RP544: 12/18/2012 8:42:29 AM - System Checkpoint

RP545: 12/19/2012 12:29:53 PM - System Checkpoint

RP546: 12/20/2012 12:43:53 PM - System Checkpoint

RP547: 12/21/2012 7:15:27 AM - Software Distribution Service 3.0

RP548: 12/22/2012 7:58:07 AM - System Checkpoint

RP549: 12/23/2012 11:40:53 AM - System Checkpoint

RP550: 12/24/2012 1:52:26 PM - System Checkpoint

RP551: 12/25/2012 2:54:47 PM - System Checkpoint

RP552: 12/26/2012 3:06:37 PM - System Checkpoint

RP553: 12/27/2012 9:17:30 PM - System Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.2.6

Big Fish Games: Game Manager

Bing Bar

Bonjour

CardRd81

CCHelp

CCleaner

CCScore

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Coupon Printer for Windows

CR2

Dell DataSafe Online

Dell Dock

Dell Driver Reset Tool

Dell System Restore

DriverBoost

ESSAdpt

ESSANUP

ESSBrwr

ESSCAM

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTUTOR

ESSvpaht

ESSvpot

Free DVD Ripper Version 2.25

Google Chrome

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

HLPCCTR

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB968764)

Hotfix for Windows XP (KB969084)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IHA_MessageCenter

Intel® Graphics Media Accelerator Driver

iTunes

iWin Games (remove only)

Java 6 Update 17

Junk Mail filter update

Kodak EasyShare software

KSU

Lexmark 5600-6600 Series

Lexmark Printable Web

Lexmark Toolbar

Lexmark Tools for Office

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB927977)

Music Rescue

Norton 360

Norton PC Checkup

Notifier

OfotoXMI

OGA Notifier 2.0.0048.0

OTtBP

OTtBPSDK

PCDLNCH

Plants vs. Zombies

PowerDVD DX

QuickTime

Realtek High Definition Audio Driver

Roxio Burn

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SFR

SFR2

Shop-n-Spree: Shopping Paradise

Smilebox

Stand O'Food 3

Stand O Food 3 (remove only)

TomTom HOME 2.7.4.1962

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Update Installer for WildTangent Games App

VCAMCEN

VoiceOver Kit

VPRINTOL

Vz In Home Agent

WebEx

WebFldrs XP

WildTangent Games

WildTangent Games App

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 3:37:19 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/29/2012 1:50:27 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/29/2012 1:50:27 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.

12/29/2012 1:50:27 PM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Gregg Shields at 23:09:03 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.561 [GMT -6:00]
.
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe
C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gregg Shields\Desktop\Defogger.exe
C:\Documents and Settings\Gregg Shields\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uSearch Page = http://www.bing.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
uURLSearchHooks: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - <orphaned>
BHO: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - <orphaned>
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\gregg shields\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ChromeFrameHelper] "c:\documents and settings\gregg shields\local settings\application data\google\chrome\application\23.0.1271.97\chrome_frame_helper.exe" --startup

uRun: [smileboxTray] "c:\documents and settings\gregg shields\application data\smilebox\SmileboxTray.exe"

mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"

mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\roxio burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\greggs~1\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &Search - http://tbedits.radiorage.com/one-toolbaredits/menusearch.jhtml?s=100000486&p2=^ZX^xdm003^S02516^us&si=CNmioPWUk7ICFWd-TAod01AAKg&a=0E497693-7B9E-4348-8731-E3B8E7E30149&n=2012083120&cv=1

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Burger%20Bustle/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Burger%20Bustle/Images/armhelper.ocx

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vocus.webex.com/client/T27LC/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1 68.238.96.12

TCP: Interfaces\{84CF5CA3-01E7-49F1-899D-BBFD79990BE2} : DHCPNameServer = 192.168.1.1 68.238.96.12

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\gregg shields\local settings\application data\google\chrome\application\23.0.1271.97\npchrome_frame.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\gregg shields\application data\mozilla\firefox\profiles\chhzo0n6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2412158&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\gregg shields\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\7\NP_wtapp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: 2012-11-04 00:37; {98e34367-8df7-42b4-837b-20b892ff0849}; c:\program files\iwin games\firefox

FF - ExtSQL: !HIDDEN! 2009-11-03 16:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 352248]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-12-25 94208]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-14 148520]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-1-11 135608]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]

S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.17.20\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.17.20\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.17.20\ccSvcHst.exe [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-12-20 16512]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121127.001\IDSXpx86.sys [2012-11-28 373728]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121128.003\NAVENG.SYS [2012-11-28 92704]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121128.003\NAVEX15.SYS [2012-11-28 1601184]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]

.

=============== File Associations ===============

.

ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"

.

=============== Created Last 30 ================

.

2012-12-30 17:50:34 -------- d-----w- c:\documents and settings\gregg shields\application data\Stand O'Food 3

2012-12-28 21:47:57 123392 ----a-w- c:\documents and settings\gregg shields\awt43abr.exe

2012-12-21 19:10:40 -------- d-----w- c:\program files\iPod

2012-12-21 19:10:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-21 06:07:18 -------- d-----w- c:\documents and settings\gregg shields\application data\Rainbow

2012-12-20 02:20:03 -------- d-----w- c:\documents and settings\gregg shields\local settings\application data\Smilebox

2012-12-20 02:19:28 -------- d-----w- c:\documents and settings\gregg shields\application data\Smilebox

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 15:55:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 15:55:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 23:10:36.48 ===============


Hello

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


AdwCleaner Log:

# AdwCleaner v2.104 - Logfile created 12/31/2012 at 00:16:19

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Gregg Shields - DEBBY

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Gregg Shields\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\searchplugins\Conduit.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\iWin

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\Gregg Shields\Application Data\iWin

Folder Deleted : C:\Documents and Settings\Gregg Shields\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\RealoreStudios

Folder Deleted : C:\Program Files\1ClickDownload

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\FunWebProducts

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\RealoreStudios

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3030623

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60F83C46-D768-4511-B445-026781DBBDAC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64D4A2F3-8201-4F6C-AEA5-26F1FEEC5067}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}

Key Deleted : HKLM\Software\RealoreStudios

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Documents and Settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "RealoreStudios Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2412158&Sea[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc77c586%7D&mid=d29ddb7[...]

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8[...]

Deleted [l.117] : homepage = "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc77c586%7D&mid=d29ddb76bb[...]

Deleted [l.390] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com?cid=%7Bb5dccc13-7ae5-4644-a31f-a0f8bc7[...]

*************************

AdwCleaner[S1].txt - [7786 octets] - [31/12/2012 00:16:19]

########## EOF - C:\AdwCleaner[S1].txt - [7846 octets] ##########


And here's the Rogue Killer Log:

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Gregg Shields [Admin rights]

Mode : Remove -- Date : 12/31/2012 00:28:35

¤¤¤ Bad processes : 3 ¤¤¤

[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.dll -> UNLOADED

[SUSP PATH] chrome_frame_helper.exe -- C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe -> KILLED [TermProc]

[SUSP PATH] SmileboxTray.exe -- C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\chrome_frame_helper.exe" --startup) -> DELETED

[RUN][SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Documents and Settings\Gregg Shields\Application Data\Smilebox\SmileboxTray.exe") -> DELETED

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DISABLETASKMGR (0) -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Gregg Shields\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> REPLACED (C:\WINDOWS\web\wallpaper\Bliss.bmp)

[SHELLSPWN] HKLM\[...]\command : ("%1" %*) -> REPLACED ("%1" %*)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x8A47ABE0)

SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x8A4EDDE8)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x8A43C778)

SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x8A4210D8)

SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x89C12D90)

SSDT[43] : NtCreateMutant @ 0x806176DE -> HOOKED (Unknown @ 0x8A387BA8)

SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A7459C0)

SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A450EE0)

SSDT[57] : NtDebugActiveProcess @ 0x80643B6E -> HOOKED (Unknown @ 0x8A421110)

SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x8A613C70)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x895F5098)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9288 -> HOOKED (Unknown @ 0x8A464BC8)

SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x8A45C968)

SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89D0E858)

SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x89C42998)

SSDT[114] : NtOpenEvent @ 0x8060F09C -> HOOKED (Unknown @ 0x8A4470A8)

SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x895FD278)

SSDT[123] : NtOpenProcessToken @ 0x805EDF56 -> HOOKED (Unknown @ 0x8A532438)

SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A439B58)

SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x89C29290)

SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x8A5524F0)

SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x8A48D390)

SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x8A533BF8)

SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x8A5ABD80)

SSDT[240] : NtSetSystemInformation @ 0x8060FD54 -> HOOKED (Unknown @ 0x8A410B58)

SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x8A4517A0)

SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x8A5165E0)

SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x8A551968)

SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8A5280A8)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x8A528B08)

SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x89790098)

S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A38FDB8)

S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A3855B8)

S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A385200)

S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A38E0D0)

S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A4779F0)

S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A3A6C90)

S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A444A90)

S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A435350)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A526248)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A41CC88)

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 +++++

--- User ---

[MBR] b13f3f19a104f9c1ebdd96360509e4aa

[BSP] 3b83ad77660a0b1dca762ed603421109 : Dell MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 295204 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_12312012_02d0028.txt >>

RKreport[1]_S_12312012_02d0026.txt ; RKreport[2]_D_12312012_02d0028.txt


Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


ComboFix 12-12-30.01 - Gregg Shields 12/31/2012 2:01.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1587 [GMT -6:00]

Running from: c:\documents and settings\Gregg Shields\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\7q4da2444o4nswy

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\SPL149.tmp

c:\documents and settings\All Users\SPL18B.tmp

c:\documents and settings\All Users\SPL5.tmp

c:\documents and settings\All Users\SPL50.tmp

c:\documents and settings\All Users\SPL6.tmp

c:\documents and settings\All Users\SPL64.tmp

c:\documents and settings\All Users\SPL7.tmp

c:\documents and settings\Gregg Shields\Application Data\.#

c:\documents and settings\Gregg Shields\awt43abr.exe

c:\documents and settings\Gregg Shields\g2mdlhlpx.exe

c:\documents and settings\Gregg Shields\GoToAssistDownloadHelper.exe

c:\documents and settings\Gregg Shields\Local Settings\Application Data\7q4da2444o4nswy

c:\program files\iWin Games\iWinGamesHookIE.dll

c:\windows\$NtUninstallKB54015$

c:\windows\$NtUninstallKB54015$\520828843

c:\windows\$NtUninstallKB54015$\599585091\@

c:\windows\$NtUninstallKB54015$\599585091\Desktop.ini

c:\windows\$NtUninstallKB54015$\599585091\L\00000004.@

c:\windows\$NtUninstallKB54015$\599585091\L\201d3dde

c:\windows\$NtUninstallKB54015$\599585091\L\76603ac3

c:\windows\$NtUninstallKB54015$\599585091\L\rohepcid

c:\windows\$NtUninstallKB54015$\599585091\U\00000004.@

c:\windows\$NtUninstallKB54015$\599585091\U\00000008.@

c:\windows\$NtUninstallKB54015$\599585091\U\000000cb.@

c:\windows\$NtUninstallKB54015$\599585091\U\80000000.@

c:\windows\$NtUninstallKB54015$\599585091\U\80000032.@

c:\windows\system32\SET113.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - The cat found it :)

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))

.

.

2012-12-31 07:58 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2012-12-31 07:58 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-12-30 17:50 . 2012-12-31 00:45 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Stand O'Food 3

2012-12-21 19:10 . 2012-12-21 19:10 -------- d-----w- c:\program files\iPod

2012-12-21 19:10 . 2012-12-21 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-21 06:07 . 2012-12-27 03:23 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Rainbow

2012-12-20 02:20 . 2012-12-20 02:20 -------- d-----w- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Smilebox

2012-12-20 02:19 . 2012-12-28 15:25 -------- d-----w- c:\documents and settings\Gregg Shields\Application Data\Smilebox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 15:55 . 2012-04-24 14:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 15:55 . 2011-07-19 13:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04 . 2008-04-25 16:16 58368 ----a-w- c:\windows\system32\synceng.dll

2012-07-04 18:31 . 2011-05-16 02:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]

"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]

"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\documents and settings\Gregg Shields\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-7-23 757760]

Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]

Dell Dock.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-12-15 1324384]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2009-03-04 22:14 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2009-07-31 20:00 1626112 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-03-04 22:29 178712 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-03-04 22:30 150040 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]

2010-02-04 05:10 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-12-29 21:35 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-03-04 22:29 150040 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-03-04 22:14 18084864 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/1/2012 6:14 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/1/2012 6:14 PM 924320]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 5:34 PM 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/1/2012 6:14 PM 132768]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/1/2012 6:14 PM 149624]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

R2 DockLoginService;Dock Login Service;c:\program files\DELL\DellDock\DockLogin.exe [6/9/2009 8:11 AM 155648]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 352248]

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]

R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [12/25/2010 4:09 PM 94208]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/14/2011 3:57 PM 148520]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/1/2012 6:14 PM 138272]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [1/11/2012 10:53 PM 135608]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 12:12 PM 106656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]

S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/20/2010 1:02 PM 16512]

S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 11:59 AM 206072]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121127.001\IDSXpx86.sys [11/28/2012 7:57 AM 373728]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [5/7/2010 6:36 AM 92008]

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 15:55]

.

2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 14:26]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 14:26]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148726867-3119766015-2641412422-1005Core.job

- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 02:37]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148726867-3119766015-2641412422-1005UA.job

- c:\documents and settings\Gregg Shields\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 02:37]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

FF - ProfilePath - c:\documents and settings\Gregg Shields\Application Data\Mozilla\Firefox\Profiles\chhzo0n6.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-11-04 00:37; {98e34367-8df7-42b4-837b-20b892ff0849}; c:\program files\iWin Games\firefox

FF - ExtSQL: !HIDDEN! 2009-11-03 16:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-Security Protection - c:\documents and settings\All Users\Application Data\defender.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-31 02:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3080)

c:\windows\system32\WININET.dll

c:\docume~1\GREGGS~1\LOCALS~1\Temp\IadHide5.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\system32\lxducoms.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2012-12-31 02:24:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-31 08:24

.

Pre-Run: 229,879,832,576 bytes free

Post-Run: 232,783,548,416 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 37A05D26BF9D62D09ED0C5898662A604

No major problems other than ComboFix kept saying it was taking longer than usual because of the amount of issues it was finding. But I guess that's a good thing! The pop-ups and redirects don't seem to be happening for now. Thank you!


Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, it will have to be closed!

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
