Google Redirect Virus

Dell / DIMENSION 8400
February 14, 2010 at 09:46:25
Specs: Microsoft Windows XP Professional, 2.992 GHz / 1022 MB
I have the google redirect virus. I used rkill followed by malwarebytes and thought I had it, but once I tried to use google, it came right back, so I assume it is embedded somewhere.

I need help getting rid of it.

On a related note, I have been getting hammered by viruses lately despite no "at risk" computer behavior.

I was one of those affected by this week's MS Security Patch problem that affected XP and while I appear to have gotten it removed, I am wondering if that has made me susceptible to these viruses that I am getting (my third one this week).




#1
February 14, 2010 at 09:57:06
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
February 14, 2010 at 10:15:15
I turned off my anti-virus, but DDS would not run, so I presume I have some other script blocker active? Where else would I look?


#3
February 14, 2010 at 10:29:35
Never mind... I got it.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Paul Schneider at 12:15:50.71 on Sun 02/14/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.496 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Paul Schneider\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.badgernation.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128895959283
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://dancers.visionsnightclub.com/activex/AxisCamControl.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulsc~1\applic~1\mozilla\firefox\profiles\k9xgcasg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.badgernation.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-1-27 482432]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100210.001\IDSXpx86.sys [2010-2-12 329592]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100214.004\NAVENG.SYS [2010-2-14 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100214.004\NAVEX15.SYS [2010-2-14 1324720]
S2 gupdate1ca3196c4feaa07;Google Update Service (gupdate1ca3196c4feaa07);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-24 1252232]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido\security suite\ewidoguard.exe [2006-2-7 151616]

=============== Created Last 30 ================


==================== Find3M ====================

2010-01-17 21:59:39 105824 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2006-03-12 02:59:26 1504256 --sha-w- c:\program files\ehthumbs.db
2005-10-22 03:21:31 38743 ----a-w- c:\program files\PIEPatch2.6.exe
2008-11-10 09:07:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 12:25:50.87 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/16/2005 11:25:37 PM
System Uptime: 2/12/2010 10:29:13 PM (38 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 75.167 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP358: 11/17/2009 5:48:59 AM - System Checkpoint
RP359: 11/18/2009 6:24:23 AM - System Checkpoint
RP360: 11/19/2009 7:00:25 AM - System Checkpoint
RP361: 11/20/2009 7:22:59 AM - System Checkpoint
RP362: 11/21/2009 7:33:55 AM - System Checkpoint
RP363: 11/22/2009 8:09:52 AM - System Checkpoint
RP364: 11/23/2009 10:00:12 AM - System Checkpoint
RP365: 11/24/2009 10:33:50 AM - System Checkpoint
RP366: 11/25/2009 3:00:16 AM - Software Distribution Service 3.0
RP367: 11/26/2009 4:20:37 AM - System Checkpoint
RP368: 11/27/2009 9:15:35 AM - System Checkpoint
RP369: 11/28/2009 10:19:17 AM - System Checkpoint
RP370: 11/29/2009 11:06:53 AM - System Checkpoint
RP371: 11/30/2009 11:09:24 AM - System Checkpoint
RP372: 12/1/2009 11:21:20 AM - System Checkpoint
RP373: 12/2/2009 11:33:19 AM - System Checkpoint
RP374: 12/3/2009 11:57:17 AM - System Checkpoint
RP375: 12/4/2009 5:23:56 PM - System Checkpoint
RP376: 12/5/2009 7:22:57 PM - System Checkpoint
RP377: 12/6/2009 7:30:55 PM - System Checkpoint
RP378: 12/7/2009 9:28:28 PM - System Checkpoint
RP379: 12/9/2009 3:33:17 AM - System Checkpoint
RP380: 12/10/2009 3:00:47 AM - Software Distribution Service 3.0
RP381: 12/11/2009 3:43:04 AM - System Checkpoint
RP382: 12/12/2009 3:55:04 AM - System Checkpoint
RP383: 12/13/2009 5:09:32 AM - System Checkpoint
RP384: 12/14/2009 5:27:09 AM - System Checkpoint
RP385: 12/15/2009 6:03:05 AM - System Checkpoint
RP386: 12/16/2009 6:27:05 AM - System Checkpoint
RP387: 12/17/2009 7:27:04 AM - System Checkpoint
RP388: 12/18/2009 8:03:06 AM - System Checkpoint
RP389: 12/19/2009 8:56:19 AM - System Checkpoint
RP390: 12/20/2009 12:06:39 PM - System Checkpoint
RP391: 12/21/2009 12:51:09 PM - System Checkpoint
RP392: 12/22/2009 2:15:03 PM - System Checkpoint
RP393: 12/23/2009 4:27:33 PM - System Checkpoint
RP394: 12/24/2009 5:27:02 PM - System Checkpoint
RP395: 12/25/2009 6:03:02 PM - System Checkpoint
RP396: 12/26/2009 6:15:03 PM - System Checkpoint
RP397: 12/27/2009 6:28:11 PM - System Checkpoint
RP398: 12/28/2009 6:51:05 PM - System Checkpoint
RP399: 12/29/2009 7:51:02 PM - System Checkpoint
RP400: 12/30/2009 8:39:02 PM - System Checkpoint
RP401: 12/31/2009 9:38:29 PM - System Checkpoint
RP402: 1/1/2010 9:43:52 PM - System Checkpoint
RP403: 1/2/2010 10:12:46 PM - System Checkpoint
RP404: 1/3/2010 10:30:15 PM - System Checkpoint
RP405: 1/5/2010 12:06:18 AM - System Checkpoint
RP406: 1/6/2010 12:37:25 AM - System Checkpoint
RP407: 1/7/2010 1:18:17 AM - System Checkpoint
RP408: 1/8/2010 2:04:28 AM - System Checkpoint
RP409: 1/9/2010 2:14:57 AM - System Checkpoint
RP410: 1/10/2010 2:30:57 AM - System Checkpoint
RP411: 1/11/2010 2:50:58 AM - System Checkpoint
RP412: 1/12/2010 6:38:43 PM - System Checkpoint
RP413: 1/13/2010 3:00:36 AM - Software Distribution Service 3.0
RP414: 1/14/2010 4:10:54 AM - System Checkpoint
RP415: 1/15/2010 4:22:55 AM - System Checkpoint
RP416: 1/16/2010 4:34:54 AM - System Checkpoint
RP417: 1/17/2010 4:43:17 AM - System Checkpoint
RP418: 1/18/2010 5:31:19 AM - System Checkpoint
RP419: 1/19/2010 5:43:17 AM - System Checkpoint
RP420: 1/20/2010 5:55:16 AM - System Checkpoint
RP421: 1/21/2010 6:31:16 AM - System Checkpoint
RP422: 1/22/2010 3:00:18 AM - Software Distribution Service 3.0
RP423: 1/23/2010 3:21:44 AM - System Checkpoint
RP424: 1/24/2010 3:33:42 AM - System Checkpoint
RP425: 1/25/2010 4:21:41 AM - System Checkpoint
RP426: 1/26/2010 4:33:42 AM - System Checkpoint
RP427: 1/27/2010 4:57:40 AM - System Checkpoint
RP428: 1/28/2010 5:06:13 AM - System Checkpoint
RP429: 1/29/2010 5:21:41 AM - System Checkpoint
RP430: 1/30/2010 5:45:38 AM - System Checkpoint
RP431: 1/31/2010 5:57:40 AM - System Checkpoint
RP432: 2/1/2010 6:57:38 AM - System Checkpoint
RP433: 2/2/2010 7:09:38 AM - System Checkpoint
RP434: 2/3/2010 7:44:54 AM - System Checkpoint
RP435: 2/4/2010 8:20:59 AM - System Checkpoint
RP436: 2/5/2010 9:32:54 AM - System Checkpoint
RP437: 2/6/2010 10:32:54 AM - System Checkpoint
RP438: 2/7/2010 11:17:32 AM - System Checkpoint
RP439: 2/8/2010 11:53:50 AM - System Checkpoint
RP440: 2/9/2010 12:41:51 PM - System Checkpoint
RP441: 2/10/2010 3:00:18 AM - Software Distribution Service 3.0
RP442: 2/12/2010 3:00:28 AM - Software Distribution Service 3.0
RP443: 2/13/2010 3:27:35 AM - System Checkpoint
RP444: 2/14/2010 4:51:36 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Amazon MP3 Downloader 1.0.3
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.3
AutoUpdate
Banctec Service Agreement
Baseball Mogul 2009 DEMO
Basketball Playbook 008
Bonjour
Broadcom Advanced Control Suite 2
BufferChm
CCleaner (remove only)
Cisco Network Magic
CleanUp!
Creative MediaSource
CustomerResearchQFolder
D1400
D1400_Help
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
EarthLink setup files
ESPNMotion
eSupportQFolder
ewido security suite
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 8.0
HP Deskjet 8.0 Software
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 10
KB408682
Learn2 Player (Uninstall Only)
Lexmark Supplies Monitor
Lexmark Z45
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
LOTR The Return of the King tm
LucasArts' Jedi Knight
LucasArts' X-Wing vs. TIE Fighter
Macromedia Flash Player
Madden NFL 2004
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! 2000
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.5.7)
MS Works Spreadsheet to XLS Converter
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
My Way Search Assistant
Network Magic
NetZeroInstallers
Norton AntiVirus
Norton Internet Security
Otto
P.I.E. Patch
Panda ActiveScan
Pandigital Photo Viewer 3.3
Patton $ Software 2007
Patton $ Software 2009
PosteRazor
PowerDVD 5.3
Pure Networks Platform
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SolutionCenter
Some PDF Image Extractr 1.5
Sonic DLA
Sonic Encoders
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live! 24-bit
Spybot - Search & Destroy 1.3.1 TX
Status
Symantec Technical Support Web Controls
Toolbox
TrayApp



#4
February 14, 2010 at 10:59:16
Your java is out of date and may have been exploited.
Download the latest version of java from this link:

Java


Click on the JRE 6 Update 18 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u178-windows-i586-p.exe to install the newest version.

You should go to add/remove programs and uninstall these programs as they are known to harbor spyware:


utorrent
my web search assistant

Please download ComboFix with Internet Explorer instead of Mozilla Firefox if possible.

Remember: your Norton antivirus, Ewido and Spybot's TeaTimer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



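A check for the Java step in the post above, added here as an example and not part of the reply: once the Add/Remove loop is done, confirm that nothing older than the version being installed (JRE 6 Update 18) is still registered, because Sun's installers of that era commonly left earlier releases in place beside the new one. The display names in SAMPLE_UNINSTALL_ENTRIES are constructed for the example (the Spybot line is copied from the DDS log above); live_uninstall_entries is an assumed helper that reads the real HKLM and HKCU Uninstall keys only on Windows and returns nothing elsewhere, so the script falls back to the sample off-box.

```python
import re
import sys
from typing import List, Optional, Tuple

# Version the post tells the user to install (JRE 6 Update 18).
TARGET_JRE = (6, 18)

# Constructed sample of DisplayName values under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall on a box that has been
# upgraded in place for years. The Spybot entry is taken from the DDS log above.
SAMPLE_UNINSTALL_ENTRIES = [
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 18",
    "Adobe Flash Player 10 ActiveX",
    "Spybot - Search & Destroy 1.3.1 TX",
]

# Sun's JRE naming schemes over the years. Group 1 is the family (4, 5, 6),
# group 2 the update level; no "Update" suffix means the GA release (update 0).
_JRE_PATTERNS = [
    re.compile(r"^(?:Java\(TM\)|J2SE|JRE)(?: (?:SE )?Runtime Environment)? (\d+)(?:\.0)?(?: Update (\d+))?"),
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+_(\d+)$"),
]


def parse_jre_version(display_name: str) -> Optional[Tuple[int, int]]:
    """(family, update) for a JRE uninstall entry, None for anything else.
    JDK, JavaFX and 'Java DB' entries deliberately do not match."""
    for pat in _JRE_PATTERNS:
        m = pat.match(display_name.strip())
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def stale_java_entries(display_names, target=TARGET_JRE) -> List[str]:
    """JRE entries older than target, in registry order: what Add/Remove should still list."""
    stale = []
    for name in display_names:
        version = parse_jre_version(name)
        if version is not None and version < target:
            stale.append(name)
    return stale


def live_uninstall_entries() -> List[str]:
    """DisplayName of every Uninstall subkey on this machine (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg
    names = []
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    for root in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(root, path)
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                try:
                    with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                        names.append(str(winreg.QueryValueEx(sub, "DisplayName")[0]))
                except OSError:  # subkey without DisplayName, or access denied
                    continue
    return names


if __name__ == "__main__":
    entries = live_uninstall_entries() or SAMPLE_UNINSTALL_ENTRIES
    for name in stale_java_entries(entries):
        print("still installed, remove:", name)
```

Run it after the reboot the post asks for; an empty result means the uninstall loop actually got everything, and any name it prints is an entry to go back and remove before installing the new JRE.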
#5
February 14, 2010 at 14:36:13
Still with you...just getting to the combofix. As you can see, it took what...2 hours to get re-logged in.


#6
February 14, 2010 at 20:03:34
Both times I tried to run combofix, it appeared to hang on me. I turned off both my firewall and anti-virus, but don't know if there is something I missed, or maybe a problem with my system. Any ideas?


#7
February 14, 2010 at 20:10:45
Now, I am being hit with a "You may be the victim of software counterfeiting", which I believe is also some sort of malware. I am just getting hammered here.


#8
February 15, 2010 at 03:54:05
Did you rename Combofix when you downloaded it?

If you did, try running Malwarebytes, then try ComboFix again.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.



#9
February 15, 2010 at 10:08:00
Yes, I renamed combofix.

I already have a current version of Malwarebytes, with recently updated definitions. It seems to run normally, but isn't picking anything up.

I don't recall if it was renamed, so I guess I will try that.



#10
February 15, 2010 at 14:47:45
Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Then try running Combofix from safe mode.



#11
February 15, 2010 at 20:52:36
Here is the TDSSKiller log. I will be running combofix next (if it will work for me):

22:50:00:040 6848 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
22:50:00:040 6848 ================================================================================
22:50:00:040 6848 SystemInfo:

22:50:00:040 6848 OS Version: 5.1.2600 ServicePack: 3.0
22:50:00:040 6848 Product type: Workstation
22:50:00:040 6848 ComputerName: PAUL
22:50:00:040 6848 UserName: Paul Schneider
22:50:00:040 6848 Windows directory: C:\WINDOWS
22:50:00:040 6848 Processor architecture: Intel x86
22:50:00:040 6848 Number of processors: 2
22:50:00:040 6848 Page size: 0x1000
22:50:00:040 6848 Boot type: Normal boot
22:50:00:040 6848 ================================================================================
22:50:00:055 6848 UnloadDriverW: NtUnloadDriver error 2
22:50:00:055 6848 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:50:00:055 6848 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:50:00:196 6848 UtilityInit: KLMD drop and load success
22:50:00:196 6848 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
22:50:00:196 6848 UtilityInit: KLMD open success
22:50:00:196 6848 UtilityInit: Initialize success
22:50:00:196 6848
22:50:00:196 6848 Scanning Services ...
22:50:00:196 6848 CreateRegParser: Registry parser init started
22:50:00:196 6848 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
22:50:00:196 6848 CreateRegParser: DisableWow64Redirection error
22:50:00:196 6848 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:50:00:196 6848 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
22:50:00:196 6848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:50:00:196 6848 wfopen_ex: Trying to KLMD file open
22:50:00:196 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
22:50:00:196 6848 wfopen_ex: File opened ok (Flags 2)
22:50:00:196 6848 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B00
22:50:00:196 6848 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:50:00:196 6848 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
22:50:00:196 6848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:50:00:196 6848 wfopen_ex: Trying to KLMD file open
22:50:00:196 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
22:50:00:196 6848 wfopen_ex: File opened ok (Flags 2)
22:50:00:196 6848 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3849F0
22:50:00:196 6848 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
22:50:00:196 6848 CreateRegParser: EnableWow64Redirection error
22:50:00:196 6848 CreateRegParser: RegParser init completed
22:50:00:430 6848 GetAdvancedServicesInfo: Raw services enum returned 381 services
22:50:00:430 6848 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:50:00:430 6848 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:50:00:430 6848
22:50:00:430 6848 Scanning Kernel memory ...
22:50:00:430 6848 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:50:00:430 6848 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 873C8CC8
22:50:00:430 6848 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
22:50:00:430 6848
22:50:00:430 6848 DetectCureTDL3: DEVICE_OBJECT: 8735F8A0
22:50:00:430 6848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8735F8A0
22:50:00:430 6848 KLMD_ReadMem: Trying to ReadMemory 0x8735F8A0[0x38]
22:50:00:430 6848 DetectCureTDL3: DRIVER_OBJECT: 873C8CC8
22:50:00:430 6848 KLMD_ReadMem: Trying to ReadMemory 0x873C8CC8[0xA8]
22:50:00:430 6848 KLMD_ReadMem: Trying to ReadMemory 0xE100FC40[0x18]
22:50:00:430 6848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:50:00:430 6848 DetectCureTDL3: IrpHandler (0) addr: F7658BB0
22:50:00:430 6848 DetectCureTDL3: IrpHandler (1) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (2) addr: F7658BB0
22:50:00:430 6848 DetectCureTDL3: IrpHandler (3) addr: F7652D1F
22:50:00:430 6848 DetectCureTDL3: IrpHandler (4) addr: F7652D1F
22:50:00:430 6848 DetectCureTDL3: IrpHandler (5) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (6) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (7) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (8) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (9) addr: F76532E2
22:50:00:430 6848 DetectCureTDL3: IrpHandler (10) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (11) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (12) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (13) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (14) addr: F76533BB
22:50:00:430 6848 DetectCureTDL3: IrpHandler (15) addr: F7656F28
22:50:00:430 6848 DetectCureTDL3: IrpHandler (16) addr: F76532E2
22:50:00:430 6848 DetectCureTDL3: IrpHandler (17) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (18) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (19) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (20) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (21) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (22) addr: F7654C82
22:50:00:430 6848 DetectCureTDL3: IrpHandler (23) addr: F765999E
22:50:00:430 6848 DetectCureTDL3: IrpHandler (24) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (25) addr: 804F4562
22:50:00:430 6848 DetectCureTDL3: IrpHandler (26) addr: 804F4562
22:50:00:430 6848 TDL3_FileDetect: Processing driver: Disk
22:50:00:430 6848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:430 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:446 6848 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:50:00:446 6848
22:50:00:446 6848 DetectCureTDL3: DEVICE_OBJECT: 8735FC68
22:50:00:446 6848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8735FC68
22:50:00:446 6848 KLMD_ReadMem: Trying to ReadMemory 0x8735FC68[0x38]
22:50:00:446 6848 DetectCureTDL3: DRIVER_OBJECT: 873C8CC8
22:50:00:446 6848 KLMD_ReadMem: Trying to ReadMemory 0x873C8CC8[0xA8]
22:50:00:446 6848 KLMD_ReadMem: Trying to ReadMemory 0xE100FC40[0x18]
22:50:00:446 6848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:50:00:446 6848 DetectCureTDL3: IrpHandler (0) addr: F7658BB0
22:50:00:446 6848 DetectCureTDL3: IrpHandler (1) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (2) addr: F7658BB0
22:50:00:446 6848 DetectCureTDL3: IrpHandler (3) addr: F7652D1F
22:50:00:446 6848 DetectCureTDL3: IrpHandler (4) addr: F7652D1F
22:50:00:446 6848 DetectCureTDL3: IrpHandler (5) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (6) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (7) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (8) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (9) addr: F76532E2
22:50:00:446 6848 DetectCureTDL3: IrpHandler (10) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (11) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (12) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (13) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (14) addr: F76533BB
22:50:00:446 6848 DetectCureTDL3: IrpHandler (15) addr: F7656F28
22:50:00:446 6848 DetectCureTDL3: IrpHandler (16) addr: F76532E2
22:50:00:446 6848 DetectCureTDL3: IrpHandler (17) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (18) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (19) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (20) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (21) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (22) addr: F7654C82
22:50:00:446 6848 DetectCureTDL3: IrpHandler (23) addr: F765999E
22:50:00:446 6848 DetectCureTDL3: IrpHandler (24) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (25) addr: 804F4562
22:50:00:446 6848 DetectCureTDL3: IrpHandler (26) addr: 804F4562
22:50:00:446 6848 TDL3_FileDetect: Processing driver: Disk
22:50:00:446 6848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:446 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:462 6848 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:50:00:462 6848
22:50:00:462 6848 DetectCureTDL3: DEVICE_OBJECT: 8735F030
22:50:00:462 6848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8735F030
22:50:00:462 6848 KLMD_ReadMem: Trying to ReadMemory 0x8735F030[0x38]
22:50:00:462 6848 DetectCureTDL3: DRIVER_OBJECT: 873C8CC8
22:50:00:462 6848 KLMD_ReadMem: Trying to ReadMemory 0x873C8CC8[0xA8]
22:50:00:462 6848 KLMD_ReadMem: Trying to ReadMemory 0xE100FC40[0x18]
22:50:00:462 6848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:50:00:462 6848 DetectCureTDL3: IrpHandler (0) addr: F7658BB0
22:50:00:462 6848 DetectCureTDL3: IrpHandler (1) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (2) addr: F7658BB0
22:50:00:462 6848 DetectCureTDL3: IrpHandler (3) addr: F7652D1F
22:50:00:462 6848 DetectCureTDL3: IrpHandler (4) addr: F7652D1F
22:50:00:462 6848 DetectCureTDL3: IrpHandler (5) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (6) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (7) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (8) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (9) addr: F76532E2
22:50:00:462 6848 DetectCureTDL3: IrpHandler (10) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (11) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (12) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (13) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (14) addr: F76533BB
22:50:00:462 6848 DetectCureTDL3: IrpHandler (15) addr: F7656F28
22:50:00:462 6848 DetectCureTDL3: IrpHandler (16) addr: F76532E2
22:50:00:462 6848 DetectCureTDL3: IrpHandler (17) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (18) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (19) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (20) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (21) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (22) addr: F7654C82
22:50:00:462 6848 DetectCureTDL3: IrpHandler (23) addr: F765999E
22:50:00:462 6848 DetectCureTDL3: IrpHandler (24) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (25) addr: 804F4562
22:50:00:462 6848 DetectCureTDL3: IrpHandler (26) addr: 804F4562
22:50:00:462 6848 TDL3_FileDetect: Processing driver: Disk
22:50:00:462 6848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:462 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:00:462 6848 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:50:00:462 6848
22:50:00:462 6848 DetectCureTDL3: DEVICE_OBJECT: 873C8418
22:50:00:462 6848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873C8418
22:50:00:477 6848 DetectCureTDL3: DEVICE_OBJECT: 873CC030
22:50:00:477 6848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 873CC030
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0x873CC030[0x38]
22:50:00:477 6848 DetectCureTDL3: DRIVER_OBJECT: 87375308
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0x87375308[0xA8]
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0xE1AEC4D0[0x1C]
22:50:00:477 6848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
22:50:00:477 6848 DetectCureTDL3: IrpHandler (0) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (1) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (2) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (3) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (4) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (5) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (6) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (7) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (8) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (9) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (10) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (11) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (12) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (13) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (14) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (15) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (16) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (17) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (18) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (19) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (20) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (21) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (22) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (23) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (24) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (25) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: IrpHandler (26) addr: F73B823E
22:50:00:477 6848 DetectCureTDL3: All IRP handlers pointed to one addr: F73B823E
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0xF73B823E[0x400]
22:50:00:477 6848 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0x873D20B4[0x4]
22:50:00:477 6848 TDL3_IrpHookDetect: New IrpHandler addr: 870418C8
22:50:00:477 6848 KLMD_ReadMem: Trying to ReadMemory 0x870418C8[0x400]
22:50:00:477 6848 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
22:50:00:477 6848 Driver "iaStor" Irp handler infected by TDSS rootkit ... 22:50:00:477 6848 KLMD_WriteMem: Trying to WriteMemory 0x8704194E[0xD]
22:50:00:477 6848 cured
22:50:00:477 6848 TDL3_FileDetect: Processing driver: iaStor
22:50:00:477 6848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
22:50:00:477 6848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iaStor.sys
22:50:00:508 6848 TDL3_FileDetect: C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Infected
22:50:00:508 6848 File C:\WINDOWS\system32\drivers\iaStor.sys infected by TDSS rootkit ... 22:50:00:508 6848 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
22:50:00:508 6848 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
22:50:00:540 6848 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\I386\sp3.cab
22:50:00:649 6848 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
22:50:01:040 6848 TDL3_FileCure: Backup copy not found, trying to cure infected file..
22:50:01:040 6848 TDL3_FileCure: Cure success, using it..
22:50:01:040 6848 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk439.tmp
22:50:01:180 6848 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk439.tmp, system32\drivers\iaStor.sys)
22:50:01:180 6848 TDL3_FileCure: KLMD jobs schedule success
22:50:01:180 6848 will be cured on next reboot
22:50:01:180 6848 UtilityBootReinit: Reboot required for cure complete..
22:50:01:180 6848 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
22:50:01:212 6848 UtilityBootReinit: KLMD drop success
22:50:01:227 6848 KLMD_ApplyPendList: Pending buffer(5722_6922, 616) dropped successfully
22:50:01:227 6848 UtilityBootReinit: Cure on reboot scheduled successfully
22:50:01:227 6848
22:50:01:227 6848 Completed
22:50:01:227 6848
22:50:01:227 6848 Results:
22:50:01:227 6848 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
22:50:01:227 6848 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:50:01:227 6848 File objects infected / cured / cured on reboot: 1 / 0 / 1
22:50:01:227 6848
22:50:01:227 6848 UnloadDriverW: NtUnloadDriver error 1
22:50:01:227 6848 KLMD_Unload: UnloadDriverW(klmd21) error 1
22:50:01:227 6848 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:50:01:227 6848 UtilityDeinit: KLMD(ARK) unloaded successfully



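What the log above shows, and a small parser for it, added here as an example (it is neither TDSSKiller's code nor anything the poster ran). TDSSKiller walks the disk stack from \Driver\Disk down to the storage miniport and dumps each DRIVER_OBJECT's 27-entry MajorFunction table. disk.sys looks normal: its own routines at F765xxxx, plus one recurring kernel-image address (804F4562) in exactly the slots a disk class driver does not implement, consistent with the default handler Windows puts in unset slots. iaStor is different: all 27 slots point to F73B823E, the tool matches the TDL3 stub signature there and resolves the real hook to 870418C8, an address in the same 0x87xxxxxx range as the device and driver objects rather than the 0xF7xxxxxx range where this machine's driver images live. Hooking the miniport puts the rootkit underneath the file system, which is why on-disk scanners (Malwarebytes in post #9) saw nothing: reads of iaStor.sys were being filtered. Two caveats worth keeping: a uniform dispatch table on its own is only a candidate, since some legitimate drivers route every IRP through one routine, so the script ranks the stub match and the "Verdict: Infected" file check above it; and the results block says the file is "cured on reboot" (1 / 0 / 1), so the box is not clean until it has restarted. This TDL3 (Alureon) family is also the one whose patched storage drivers broke booting after the February 2010 kernel update KB977165, which appears in the installed-updates list above and matches the "patch problem" in the opening post. SAMPLE_LOG below is constructed from the posted log; the ExampleDrv driver and its address F7A01000 are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Size of a DRIVER_OBJECT's MajorFunction table on Windows XP (IRP_MJ_MAXIMUM_FUNCTION + 1).
IRP_MJ_SLOTS = 27

def _irp_table(stamp, addrs):
    """One 'IrpHandler (n) addr: X' line per dispatch slot, in TDSSKiller's format."""
    return "".join(f"{stamp} DetectCureTDL3: IrpHandler ({i}) addr: {a}\n" for i, a in enumerate(addrs))

# disk.sys table copied from the posted log: the driver's own routines (F765xxxx) plus
# the kernel's default handler (804F4562) in the slots disk.sys does not implement.
_DISK_TABLE = (["F7658BB0", "804F4562", "F7658BB0", "F7652D1F", "F7652D1F"]
               + ["804F4562"] * 4 + ["F76532E2"] + ["804F4562"] * 4
               + ["F76533BB", "F7656F28", "F76532E2"] + ["804F4562"] * 5
               + ["F7654C82", "F765999E"] + ["804F4562"] * 3)

# Constructed sample modelled on the posted log. 'ExampleDrv' and F7A01000 are hypothetical:
# a driver that legitimately sends every IRP through one routine, with no stub signature.
SAMPLE_LOG = (
    "22:50:00:430 6848 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\Disk, Driver Name: Disk\n"
    + _irp_table("22:50:00:430 6848", _DISK_TABLE)
    + "22:50:00:446 6848 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean\n"
    + "22:50:00:477 6848 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\iaStor, Driver Name: iaStor\n"
    + _irp_table("22:50:00:477 6848", ["F73B823E"] * IRP_MJ_SLOTS)
    + "22:50:00:477 6848 DetectCureTDL3: All IRP handlers pointed to one addr: F73B823E\n"
    + "22:50:00:477 6848 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr\n"
    + "22:50:00:477 6848 TDL3_IrpHookDetect: New IrpHandler addr: 870418C8\n"
    + "22:50:00:508 6848 TDL3_FileDetect: C:\\WINDOWS\\system32\\drivers\\iaStor.sys - Verdict: Infected\n"
    + "22:50:00:520 6848 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\ExampleDrv, Driver Name: ExampleDrv\n"
    + _irp_table("22:50:00:520 6848", ["F7A01000"] * IRP_MJ_SLOTS)
    + "22:50:00:520 6848 DetectCureTDL3: All IRP handlers pointed to one addr: F7A01000\n"
    + "22:50:00:530 6848 TDL3_FileDetect: C:\\WINDOWS\\system32\\drivers\\exampledrv.sys - Verdict: Clean\n"
)

@dataclass
class DriverRecord:
    name: str
    handlers: Dict[int, str] = field(default_factory=dict)  # MajorFunction slot -> address
    stub_found: bool = False           # tool matched the TDL3 stub at the common address
    hook_target: Optional[str] = None  # routine the stub really jumps to
    driver_file: Optional[str] = None
    verdict: Optional[str] = None

_RE_DRV = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
_RE_IRP = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
_RE_HOOK = re.compile(r"New IrpHandler addr: ([0-9A-Fa-f]+)")
_RE_FILE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")

def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Group the per-driver evidence printed under 'Scanning Kernel memory'. A DRIVER_OBJECT
    is dumped once per device object it owns (disk.sys appears three times in the posted
    log), so records are keyed by driver name and merged."""
    records: Dict[str, DriverRecord] = {}
    current: Optional[DriverRecord] = None
    for line in text.splitlines():
        if m := _RE_DRV.search(line):
            current = records.setdefault(m.group(1), DriverRecord(m.group(1)))
        elif current is None:
            continue
        elif m := _RE_IRP.search(line):
            current.handlers[int(m.group(1))] = m.group(2).upper()
        elif "TDL3 Stub signature found" in line:
            current.stub_found = True
        elif m := _RE_HOOK.search(line):
            current.hook_target = m.group(1).upper()
        elif m := _RE_FILE.search(line):
            current.driver_file, current.verdict = m.group(1), m.group(2)
    return records

def distinct_handlers(rec: DriverRecord):
    return sorted(set(rec.handlers.values()))

def uniform_dispatch(rec: DriverRecord) -> bool:
    """Every MajorFunction slot holds the same address. TDL3 overwrites the whole table with
    one stub, but some legitimate drivers also funnel all IRPs through a single routine,
    so on its own this is only a candidate signal."""
    return len(rec.handlers) >= IRP_MJ_SLOTS and len(distinct_handlers(rec)) == 1

def assess(rec: DriverRecord) -> str:
    """Rank the evidence: confirmed stub/hook or infected file > uniform table > nothing."""
    if rec.stub_found or rec.hook_target or rec.verdict == "Infected":
        return "infected"
    return "suspicious" if uniform_dispatch(rec) else "clean"

def summarize(text: str) -> Dict[str, str]:
    return {name: assess(rec) for name, rec in parse_tdsskiller_log(text).items()}

if __name__ == "__main__":
    for name, rec in parse_tdsskiller_log(SAMPLE_LOG).items():
        print(f"{name:<12} {assess(rec):<10} distinct={len(distinct_handlers(rec))}"
              f" hook={rec.hook_target or '-'} file={rec.verdict or '-'}")
```

Feed it the real TDSSKiller.txt and the "suspicious" bucket is the list to look at by hand; "infected" entries are the ones the tool has already scheduled for cure, and each of those needs the reboot before the on-disk copy is actually replaced.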
#12
February 15, 2010 at 21:20:24
I was able to start running combofix in safe mode. However, it said that it could not run with Norton anti-virus active. However, it also said I could not disable Norton in safe mode. Can I disable it before going into safe-mode and THEN go in and run combofix?


#13
February 16, 2010 at 03:58:30
Do all of the following from normal mode.

Combofix may be damaged so lets do this.

Go to Start > Run, type in ComboFix /Uninstall (note the space after ComboFix), then press Enter. This will uninstall ComboFix, so give the uninstaller a minute to run.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Then download Combofix again and run it following the instructions in response #4 from normal mode.



#14
February 16, 2010 at 16:24:25
combofix log:

ComboFix 10-02-12.01 - Paul Schneider 02/16/2010 18:14:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.463 [GMT -6:00]
Running from: c:\documents and settings\Paul Schneider\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\s
c:\windows\system32\COMCTL32.OCA
c:\windows\system32\Data
c:\windows\system32\ie.ico

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-16 22:31 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVEX32A.DLL
2010-02-16 22:31 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVENG.SYS
2010-02-16 22:31 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVEX15.SYS
2010-02-16 22:31 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\CCERASER.DLL
2010-02-16 22:31 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\ECMSVR32.DLL
2010-02-16 22:31 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\EECTRL.SYS
2010-02-16 22:31 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\ERASER.SYS
2010-02-16 22:31 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVENG32.DLL
2010-02-16 09:17 . 2009-08-22 06:37 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-14 20:29 . 2010-02-14 20:29 61440 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7116bdd5-n\decora-sse.dll
2010-02-14 20:29 . 2010-02-14 20:29 503808 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-414daad7-n\msvcp71.dll
2010-02-14 20:29 . 2010-02-14 20:29 499712 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-414daad7-n\jmc.dll
2010-02-14 20:29 . 2010-02-14 20:29 348160 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-414daad7-n\msvcr71.dll
2010-02-14 20:29 . 2010-02-14 20:29 12800 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7116bdd5-n\decora-d3d.dll
2010-02-14 17:42 . 2010-02-14 17:42 195584 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-12441950-n\WMINative.dll
2010-02-14 04:58 . 2010-02-14 04:58 -------- d-----w- c:\program files\SomePDF
2010-02-14 04:12 . 2010-02-14 04:12 -------- d-----w- c:\program files\PosteRazor
2010-02-14 04:12 . 2010-02-14 04:12 -------- d-----w- c:\documents and settings\Paul Schneider\Application Data\CasaPortale.de
2010-02-14 04:01 . 2010-02-14 04:01 -------- d-----w- c:\program files\Release
2010-02-12 22:44 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSvix86.sys
2010-02-12 22:44 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSXpx86.sys
2010-02-12 22:44 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\Scxpx86.dll
2010-02-12 22:44 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSxpx86.dll
2010-02-12 22:44 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSviA64.sys
2010-02-12 04:18 . 2010-02-12 10:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-02-10 09:05 . 2009-12-31 16:50 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 09:05 . 2009-12-31 16:50 353792 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-02-10 09:02 . 2009-12-14 07:08 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-02-10 09:02 . 2009-12-04 18:22 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 09:02 . 2009-12-04 18:22 455424 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 09:02 . 2009-11-27 17:11 17920 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 09:02 . 2009-11-27 17:11 1291776 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 09:02 . 2009-11-27 17:11 1291776 ----a-w- c:\windows\system32\dllcache\quartz.dll
2010-02-10 09:01 . 2009-11-27 16:07 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 09:01 . 2009-11-27 16:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 09:01 . 2009-11-27 16:07 84992 ----a-w- c:\windows\system32\dllcache\avifil32.dll
2010-02-10 09:01 . 2009-11-27 16:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 09:01 . 2009-11-27 16:07 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 09:01 . 2009-11-27 16:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 09:00 . 2009-12-16 18:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2010-02-10 09:00 . 2009-12-08 19:27 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 09:00 . 2009-12-08 19:26 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 09:00 . 2009-12-08 19:26 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 09:00 . 2009-12-08 18:43 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 09:00 . 2009-12-08 18:43 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 09:00 . 2009-12-08 18:43 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-05 22:31 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-05 22:31 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-05 22:31 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-05 22:31 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-05 22:31 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-02 02:27 . 2010-02-02 02:27 -------- d-----w- c:\program files\iPod
2010-02-02 02:26 . 2010-02-02 02:27 -------- d-----w- c:\program files\iTunes
2010-02-02 02:21 . 2010-02-02 02:22 -------- d-----w- c:\program files\QuickTime
2010-02-02 02:17 . 2010-02-02 02:17 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-27 22:33 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSvix86.sys
2010-01-27 22:33 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys
2010-01-27 22:33 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\Scxpx86.dll
2010-01-27 22:33 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSxpx86.dll
2010-01-27 22:33 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 23:57 . 2008-11-26 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 05:15 . 1980-01-01 05:00 477952 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-14 20:29 . 2005-05-12 20:35 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 20:28 . 2008-11-26 05:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 19:31 . 2009-04-11 18:08 -------- d-----w- c:\documents and settings\Paul Schneider\Application Data\uTorrent
2010-02-10 09:01 . 2009-05-20 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-08 02:01 . 2009-11-12 22:52 79488 ----a-w- c:\documents and settings\Paul Schneider\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-02 02:27 . 2007-06-30 05:16 -------- d-----w- c:\program files\Common Files\Apple
2010-01-17 21:59 . 2009-09-18 05:00 105824 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 23:20 . 2010-01-10 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-10 01:41 . 2010-01-10 01:41 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-07 22:07 . 2008-11-26 02:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-11-26 02:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 04:59 . 2010-01-07 04:59 -------- d-----r- c:\program files\Norton Support
2010-01-05 10:00 . 2004-08-10 10:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-08 22:11 . 2005-05-18 08:43 131696 ----a-w- c:\documents and settings\Paul Schneider\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 01:43 . 2009-12-08 01:43 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-12-08 01:41 . 2009-12-08 01:42 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-11-25 18:19 . 2005-06-10 15:40 131248 ----a-w- c:\documents and settings\Amy Schneider\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-10 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-08-02 04:49 . 2008-08-02 04:49 208384 ----a-w- c:\program files\JavaRa.exe
2006-03-12 02:59 . 2006-03-12 02:59 1504256 --sha-w- c:\program files\ehthumbs.db
2005-10-22 03:21 . 2005-10-22 03:21 38743 ----a-w- c:\program files\PIEPatch2.6.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-09 198160]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-5-12 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-7-21 106560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [1/27/2010 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [1/27/2010 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [1/27/2010 8:49 PM 482432]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [11/22/2004 8:15 AM 3072]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSXpx86.sys [2/12/2010 4:44 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 8:49 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 5:19 PM 102448]
S2 gupdate1ca3196c4feaa07;Google Update Service (gupdate1ca3196c4feaa07);c:\program files\Google\Update\GoogleUpdate.exe [9/9/2009 3:44 PM 133104]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:44]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 21:44]

2010-02-16 c:\windows\Tasks\User_Feed_Synchronization-{727FC67E-3050-4A05-AE12-47CB5E46EE11}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.badgernation.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Paul Schneider\Application Data\Mozilla\Firefox\Profiles\k9xgcasg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.badgernation.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ewidosecuritysuite - c:\program files\ewido\security suite\Uninstall.exe
AddRemove-SymSetupTemp.{C1C185CA-C531-49F5-A6FA-B838405A049D} - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe
AddRemove-WksExcelConverter - c:\documents and settings\Paul Schneider\My Documents\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 18:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2010-02-16 18:21:55
ComboFix-quarantined-files.txt 2010-02-17 00:21

Pre-Run: 80,513,167,360 bytes free
Post-Run: 80,602,488,832 bytes free

- - End Of File - - 9F21A4376B9CA5AE0922D8A44CFFE8FE


#15
February 16, 2010 at 16:42:10
Are you still being redirected?

#16
February 16, 2010 at 17:27:55
Google seems to be redirecting correctly.

#17
February 16, 2010 at 17:29:56
Quick question. Right before I was hit by all of these problems, I backed up files to an external HD. As always, I scanned all my files before copying, and all came up clean. However, that same software was not reading most of my other issues.

Is there a way I can be sure that these files are clean? I would hate to transfer any bugs back to my PC the next time I backup.


#18
February 16, 2010 at 19:37:01
Since you have not lost any data, why can't you delete the backed-up files and then back the system up again with the files you know are clean?

Or you could run an online scan with the external drive hooked up and see if it is clean.


#19
February 16, 2010 at 20:10:07
What I mean is what scanning system do you think is the most complete?
