View Full Version : SBUSA adware- please help (take 2)
infisoul
2010-05-27, 22:19
I cave the right log files now: posted below.
a few notes:
1. I just realised that my friend who tried to help me a few days ago run spybot and removed unch of stuff that relate to Zango ...
i saw it in a report log of spybot here is a copy of that report (what was removed):
-- Report generated: 2010-05-24 15:40 ---
Zango: [SBI $5F3A6804] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Zango: [SBI $603AC650] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Zango: [SBI $CBA111E7] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Zango: [SBI $F5B868BF] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Zango.ShoppingReport: [SBI $DD5BBE76] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Hotbar: [SBI $3B8145AA] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Nebuler.BHO: [SBI $84C71824] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\w32id
Nebuler.BHO: [SBI $1DDA04A0] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\x32ua
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2010-05-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-01-28 Tools.dll (2.1.3.3)
2010-02-17 Includes\Adware.sbi (*)
2010-05-18 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-05-18 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-05-18 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-05-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-05-05 Includes\Malware.sbi (*)
2010-05-19 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-05-18 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-05-18 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-05-19 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-04-27 Includes\Trojans.sbi (*)
2010-05-18 Includes\TrojansC-02.sbi (*)
2010-05-18 Includes\TrojansC-03.sbi (*)
2010-05-18 Includes\TrojansC-04.sbi (*)
2010-05-19 Includes\TrojansC-05.sbi (*)
2010-05-18 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Now Spybot search doesn't return problems but Norton does:
here is the log from Norton: the same adware and cookies come up in each search and get recreated instantly (with internet and network unplugged)
Here is my Norton 360 log:
Resolved Threats:
Adware.Hotbar
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Medium Performance, Low Privacy)
Categories: Adware
Status: Restart Required
-----------
13 Registry Entries
HKEY_USERS\S-1-5-19\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-20\Software\sbusa - Restart Required
HKEY_USERS\.DEFAULT\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-19\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-20\Software\ShoppingReport - Restart Required
HKEY_USERS\.DEFAULT\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search->SearchAssistant:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm - Repaired
Now (I hope i did it right) are the two DDS logs:
one:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 15:39:26.46 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2532 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\vmxpwyu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vmxpwyu1.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-7 2749224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-11-29 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-11-30 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-30 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-30 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100520.001\IDSXpx86.sys [2009-10-28 329592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-5-26 115312]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100526.039\NAVENG.SYS [2010-5-27 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100526.039\NAVEX15.SYS [2010-5-27 1347504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-7 15656]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys --> c:\windows\system32\drivers\p1c1394.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-1-31 29584]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
=============== Created Last 30 ================
2010-05-27 19:25:59 0 d-----w- C:\SYSTEM-BACKUP
2010-05-26 17:37:31 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-26 17:37:31 0 d-----w- c:\program files\KeyScrambler
2010-05-25 02:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-24 17:46:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 17:46:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-24 05:16:12 0 d-----w- C:\NBRT
2010-05-24 04:15:23 786432 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG1
2010-05-24 04:15:23 0 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG2
2010-05-24 01:48:30 0 d-----w- c:\docume~1\admini~1\applic~1\Tific
2010-05-24 01:48:23 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-05-04 13:20:21 48524 ----a-w- c:\windows\Sysvxd.exe
2010-05-03 03:00:09 0 d-----w- c:\docume~1\admini~1\applic~1\FileMaker Pro Advanced
2010-05-02 01:19:37 0 d-----w- c:\docume~1\admini~1\applic~1\BitZipper
2010-05-02 01:19:34 0 d-----w- c:\program files\BitZipper
==================== Find3M ====================
2010-05-23 06:13:31 165819 ----a-w- c:\windows\system32\nvModes.dat
2010-04-06 18:38:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 18:38:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:38:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 18:38:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-31 03:17:45 182784 ----a-w- c:\program files\KB52620.exe
2009-01-31 16:01:08 2 --shatr- c:\windows\winstart.bat
2008-11-30 19:54:32 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-28 07:38:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112820081129\index.dat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 15:39:57.96 ===============
the other:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2008 2:37:15 AM
System Uptime: 5/27/2010 12:15:42 PM (3 hours ago)
Motherboard: Dell Inc. | | 0TN284
Processor: Intel Pentium III Xeon processor | Microprocessor | 2527/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 44 GiB total, 8.917 GiB free.
D: is FIXED (NTFS) - 105 GiB total, 41.055 GiB free.
E: is CDROM (UDF)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP214: 4/4/2010 11:02:27 AM - System Checkpoint
RP215: 4/5/2010 1:35:57 PM - System Checkpoint
RP216: 4/6/2010 8:29:14 PM - System Checkpoint
RP217: 4/8/2010 12:06:27 AM - System Checkpoint
RP218: 4/9/2010 10:31:37 AM - System Checkpoint
RP219: 4/10/2010 6:05:25 PM - System Checkpoint
RP220: 4/11/2010 7:59:35 PM - System Checkpoint
RP221: 4/12/2010 9:06:22 PM - System Checkpoint
RP222: 4/14/2010 8:44:30 AM - System Checkpoint
RP223: 4/15/2010 8:03:50 PM - System Checkpoint
RP224: 4/17/2010 10:39:57 PM - System Checkpoint
RP225: 4/19/2010 6:34:16 AM - System Checkpoint
RP226: 4/20/2010 6:47:06 AM - System Checkpoint
RP227: 4/21/2010 6:29:55 PM - System Checkpoint
RP228: 4/26/2010 10:10:32 AM - System Checkpoint
RP229: 4/27/2010 8:51:40 PM - System Checkpoint
RP230: 4/29/2010 7:04:36 AM - System Checkpoint
RP231: 5/1/2010 8:40:50 AM - System Checkpoint
RP232: 5/2/2010 9:58:14 AM - System Checkpoint
RP233: 5/2/2010 10:55:42 PM - Installed FileMaker Pro 10 Advanced.
RP234: 5/4/2010 7:17:26 AM - System Checkpoint
RP235: 5/5/2010 4:46:27 PM - System Checkpoint
RP236: 5/7/2010 9:32:42 AM - System Checkpoint
RP237: 5/13/2010 8:45:33 PM - System Checkpoint
RP238: 5/15/2010 6:18:07 PM - System Checkpoint
RP239: 5/17/2010 9:33:59 AM - System Checkpoint
RP240: 5/18/2010 1:21:35 PM - System Checkpoint
RP241: 5/19/2010 1:51:45 PM - System Checkpoint
RP242: 5/20/2010 3:06:41 PM - System Checkpoint
RP243: 5/22/2010 8:10:26 PM - System Checkpoint
RP244: 5/23/2010 10:37:53 PM - System Checkpoint
RP245: 5/24/2010 8:14:39 PM - Software Distribution Service 3.0
RP246: 5/25/2010 11:56:49 PM - System Checkpoint
RP247: 5/27/2010 12:07:44 PM - Restore Operation
RP248: 5/27/2010 12:11:12 PM - Restore Operation
RP249: 5/27/2010 12:14:26 PM - Restore Operation
RP250: 5/27/2010 12:16:29 PM - Restore Operation
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Apple Software Update
Ask Toolbar
AutoUpdate
BioAPI Framework
BitTorrent
BitZipper 2010
BlackBerry Desktop Software 4.3
Broadcom USH Host Components
Canon My Printer
Canon Pro9000 Printer Driver
Canon Utilities Easy-PhotoPrint Pro
Capture One 5.1
CodeStuff Starter
Comment Hut Lite 2009
Connect
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Home
Dell 5530 Wireless Broadband Package
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
DeMoirize
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
Genuine Fractals 5.0
Google Calendar Sync
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IDM Flash 4.4.0.459
IDT Audio
Intel(R) Network Connections Drivers
iView MediaPro3
Java(TM) 6 Update 14
KeyScrambler
kuler
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NBC Direct
Neat Image v6 Demo (with plug-in)
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Netflix Movie Viewer
Norton 360
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photomatix Pro version 3.2.7Beta5
Photoshop Camera Raw
PowerDVD
QuickTime
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyder3Elite
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Verizon Online DSL
Vertus Fluid Mask 3 3.0.10
Wacom Tablet
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
5/26/2010 11:24:50 PM, error: Dhcp [1002] - The IP address lease 192.168.0.139 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/25/2010 7:02:59 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0022697CB62F. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/25/2010 12:21:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
5/24/2010 10:21:15 AM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
5/24/2010 1:33:23 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
5/23/2010 9:48:26 PM, error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/21/2010 10:15:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.0.235 (The DHCP Server sent a DHCPNACK message).
5/20/2010 9:08:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/20/2010 7:33:20 AM, error: NetBT [4321] - The name "PIGNET :1d" could not be registered on the Interface with IP address 192.168.1.47. The machine with the IP address 192.168.1.46 did not allow the name to be claimed by this machine.
5/20/2010 6:19:15 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The system cannot find the file specified.
5/20/2010 6:19:15 PM, error: Service Control Manager [7000] - The Phase One 1394 Camera Driver service failed to start due to the following error: The system cannot find the file specified.
5/20/2010 6:19:15 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
THANK YOU VERY MUCH for your help.
http://forums.spybot.info/showthread.php?t=57607
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Update your Spybot to the latest version here (http://www.safer-networking.org/en/spybotsd/index.html) and run a scan with it.
Uninstall Ask Toolbar if not installed on purpose.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh dds.txt log.
infisoul
2010-06-02, 19:26
Dear Blade, than you so much for your reply:
I have performed all advised tasks.
here are the reports and new logs, Thank you i am looking forward to the next step:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, June 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 02, 2010 09:59:40
Records in database: 4195772
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 206000
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:28:32
File name / Threat / Threats count
C:\Program Files\KB52620.exe Infected: Trojan-Dropper.Win32.Agent.afxr 1
Selected area has been scanned.
New DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 13:24:11.95 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2535 [GMT -4:00]
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6y8opein.default\
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-7 2749224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-11-29 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-11-30 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-30 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-30 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100520.001\IDSXpx86.sys [2009-10-28 329592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-5-26 115312]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100601.023\NAVENG.SYS [2010-6-1 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100601.023\NAVEX15.SYS [2010-6-1 1347504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-7 15656]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys --> c:\windows\system32\drivers\p1c1394.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-1-31 29584]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
=============== Created Last 30 ================
2010-06-02 00:36:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-02 00:36:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 19:25:59 0 d-----w- C:\SYSTEM-BACKUP
2010-05-26 17:37:31 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-26 17:37:31 0 d-----w- c:\program files\KeyScrambler
2010-05-25 02:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-24 17:46:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 17:46:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-24 05:16:12 0 d-----w- C:\NBRT
2010-05-24 04:15:23 786432 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG1
2010-05-24 04:15:23 0 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG2
2010-05-24 01:48:30 0 d-----w- c:\docume~1\admini~1\applic~1\Tific
2010-05-24 01:48:23 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-05-04 13:20:21 48524 ----a-w- c:\windows\Sysvxd.exe
==================== Find3M ====================
2010-06-01 02:02:13 165819 ----a-w- c:\windows\system32\nvModes.dat
2010-04-06 18:38:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 18:38:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:38:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 18:38:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-31 03:17:45 182784 ----a-w- c:\program files\KB52620.exe
2009-01-31 16:01:08 2 --shatr- c:\windows\winstart.bat
2008-11-30 19:54:32 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-28 07:38:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112820081129\index.dat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 13:24:29.42 ===============
log 2:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2008 2:37:15 AM
System Uptime: 6/2/2010 7:11:15 AM (6 hours ago)
Motherboard: Dell Inc. | | 0TN284
Processor: Intel Pentium III Xeon processor | Microprocessor | 2527/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 44 GiB total, 9.503 GiB free.
D: is FIXED (NTFS) - 105 GiB total, 40.995 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP214: 4/4/2010 11:02:27 AM - System Checkpoint
RP215: 4/5/2010 1:35:57 PM - System Checkpoint
RP216: 4/6/2010 8:29:14 PM - System Checkpoint
RP217: 4/8/2010 12:06:27 AM - System Checkpoint
RP218: 4/9/2010 10:31:37 AM - System Checkpoint
RP219: 4/10/2010 6:05:25 PM - System Checkpoint
RP220: 4/11/2010 7:59:35 PM - System Checkpoint
RP221: 4/12/2010 9:06:22 PM - System Checkpoint
RP222: 4/14/2010 8:44:30 AM - System Checkpoint
RP223: 4/15/2010 8:03:50 PM - System Checkpoint
RP224: 4/17/2010 10:39:57 PM - System Checkpoint
RP225: 4/19/2010 6:34:16 AM - System Checkpoint
RP226: 4/20/2010 6:47:06 AM - System Checkpoint
RP227: 4/21/2010 6:29:55 PM - System Checkpoint
RP228: 4/26/2010 10:10:32 AM - System Checkpoint
RP229: 4/27/2010 8:51:40 PM - System Checkpoint
RP230: 4/29/2010 7:04:36 AM - System Checkpoint
RP231: 5/1/2010 8:40:50 AM - System Checkpoint
RP232: 5/2/2010 9:58:14 AM - System Checkpoint
RP233: 5/2/2010 10:55:42 PM - Installed FileMaker Pro 10 Advanced.
RP234: 5/4/2010 7:17:26 AM - System Checkpoint
RP235: 5/5/2010 4:46:27 PM - System Checkpoint
RP236: 5/7/2010 9:32:42 AM - System Checkpoint
RP237: 5/13/2010 8:45:33 PM - System Checkpoint
RP238: 5/15/2010 6:18:07 PM - System Checkpoint
RP239: 5/17/2010 9:33:59 AM - System Checkpoint
RP240: 5/18/2010 1:21:35 PM - System Checkpoint
RP241: 5/19/2010 1:51:45 PM - System Checkpoint
RP242: 5/20/2010 3:06:41 PM - System Checkpoint
RP243: 5/22/2010 8:10:26 PM - System Checkpoint
RP244: 5/23/2010 10:37:53 PM - System Checkpoint
RP245: 5/24/2010 8:14:39 PM - Software Distribution Service 3.0
RP246: 5/25/2010 11:56:49 PM - System Checkpoint
RP247: 5/27/2010 12:07:44 PM - Restore Operation
RP248: 5/27/2010 12:11:12 PM - Restore Operation
RP249: 5/27/2010 12:14:26 PM - Restore Operation
RP250: 5/27/2010 12:16:29 PM - Restore Operation
RP251: 5/28/2010 8:50:14 PM - System Checkpoint
RP252: 5/31/2010 5:33:16 PM - System Checkpoint
RP253: 6/1/2010 3:46:16 PM - Software Distribution Service 3.0
RP254: 6/1/2010 8:21:20 PM - Removed Roxio Media Manager
RP255: 6/1/2010 8:26:13 PM - Removed Java(TM) 6 Update 14
RP256: 6/1/2010 8:28:24 PM - Removed Nero Toolbar.
RP257: 6/1/2010 8:36:08 PM - Installed Java(TM) 6 Update 20
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Apple Software Update
AutoUpdate
BioAPI Framework
Broadcom USH Host Components
Canon My Printer
Canon Pro9000 Printer Driver
Capture One 5.1
CodeStuff Starter
Comment Hut Lite 2009
Connect
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Home
Dell 5530 Wireless Broadband Package
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
DeMoirize
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
Genuine Fractals 5.0
Google Calendar Sync
Google Earth Plug-in
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
Intel(R) Network Connections Drivers
iView MediaPro3
Java Auto Updater
Java(TM) 6 Update 20
KeyScrambler
kuler
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Neat Image v6 Demo (with plug-in)
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Netflix Movie Viewer
Norton 360
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyder3Elite
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Verizon Online DSL
Vertus Fluid Mask 3 3.0.10
Wacom Tablet
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
5/27/2010 11:40:31 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
5/26/2010 11:24:50 PM, error: Dhcp [1002] - The IP address lease 192.168.0.139 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/26/2010 10:06:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/26/2010 1:42:15 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 1:42:15 PM, error: Service Control Manager [7000] - The Phase One 1394 Camera Driver service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 1:42:15 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 1:42:15 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
infisoul
2010-06-02, 22:22
Thanks again Blade,
I ran ComboFix (with a little mess up-well i ran it twise, excidently (i think the second run overrode the first txt file) i hope that running it twise didn't mess things up
Below are the ComboFix and DDS logs:
Thank you.
ComboFix:
ComboFix 10-06-01.05 - Administrator 06/02/2010 15:16:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2957 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 00:36 . 2010-06-02 00:36 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\msvcp71.dll
2010-06-02 00:36 . 2010-06-02 00:36 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\jmc.dll
2010-06-02 00:36 . 2010-06-02 00:36 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\msvcr71.dll
2010-06-02 00:36 . 2010-06-02 00:36 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28c2e3c4-n\decora-sse.dll
2010-06-02 00:36 . 2010-06-02 00:36 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28c2e3c4-n\decora-d3d.dll
2010-06-02 00:36 . 2010-06-02 00:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\program files\Java
2010-06-01 13:55 . 2009-10-05 16:34 796400 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-29 21:35 . 2010-05-29 21:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-27 19:25 . 2010-05-27 19:26 -------- d-----w- C:\SYSTEM-BACKUP
2010-05-27 19:24 . 2010-05-27 19:25 -------- d-----w- c:\program files\ERUNT
2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\program files\KeyScrambler
2010-05-26 17:37 . 2009-10-04 21:33 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-25 02:26 . 2010-05-25 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-24 17:46 . 2010-05-27 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 17:46 . 2010-05-26 14:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 06:37 . 2010-05-24 06:37 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\msvcp71.dll
2010-05-24 06:37 . 2010-05-24 06:37 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\jmc.dll
2010-05-24 06:37 . 2010-05-24 06:37 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\msvcr71.dll
2010-05-24 05:16 . 2010-05-24 05:16 -------- d-----w- C:\NBRT
2010-05-24 01:48 . 2010-05-24 01:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2010-05-24 01:48 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 19:13 . 2008-12-08 02:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-06-02 19:13 . 2008-12-08 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-02 00:36 . 2008-11-28 09:17 78328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 00:28 . 2009-02-19 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\NBC Direct
2010-06-02 00:28 . 2009-02-19 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NBC Direct
2010-06-02 00:28 . 2009-02-19 11:04 -------- d---a-w- c:\program files\NBC Direct
2010-06-02 00:25 . 2008-11-28 19:33 -------- d-----w- c:\program files\Google
2010-06-02 00:24 . 2009-02-19 17:50 -------- d-----w- c:\program files\Canon
2010-06-02 00:22 . 2009-02-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-02 00:22 . 2009-02-28 03:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-01 18:25 . 2010-05-02 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitZipper
2010-06-01 02:02 . 2008-11-28 09:17 165819 ----a-w- c:\windows\system32\nvModes.dat
2010-05-27 16:06 . 2010-05-27 16:08 171204 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-25 00:18 . 2008-11-29 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 03:00 . 2010-05-03 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileMaker Pro Advanced
2010-05-03 02:03 . 2009-06-25 18:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
2010-04-28 02:03 . 2008-11-30 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Phase One
2010-04-06 18:53 . 2008-11-28 19:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-06 18:38 . 2010-04-06 18:38 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 18:38 . 2010-04-06 18:38 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:38 . 2010-04-06 18:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 18:38 . 2010-04-06 18:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 18:38 . 2010-04-06 18:38 -------- d-----w- c:\program files\Symantec
2010-04-06 18:37 . 2010-04-06 18:37 -------- d-----w- c:\program files\Norton 360
2010-04-06 18:37 . 2010-04-06 18:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-06 18:37 . 2009-04-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-06 18:36 . 2009-04-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-06 18:35 . 2010-04-06 18:35 -------- d-----w- c:\program files\NortonInstaller
2010-03-23 15:49 . 2010-03-23 15:49 667648 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1002180-0-main.dll
2010-03-16 02:51 . 2010-03-16 02:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-10 06:15 . 2008-10-15 20:24 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-31 03:17 . 2009-01-31 03:17 182784 ----a-w- c:\program files\KB52620.exe
2009-01-31 16:01 . 2009-01-31 16:01 2 --shatr- c:\windows\winstart.bat
.
------- Sigcheck -------
[-] 2008-10-15 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-10-15 20:18 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-10-15 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-11-28 . BD8ED8B09892604EEF90DB0D02FD33D1 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-02_19.02.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-02 19:14 . 2010-06-02 19:14 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
+ 2010-06-02 19:13 . 2010-06-02 19:13 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2004-08-04 06:00 . 2010-06-02 19:18 68558 c:\windows\system32\perfc009.dat
- 2004-08-04 06:00 . 2010-06-02 11:16 68558 c:\windows\system32\perfc009.dat
+ 2004-08-04 06:00 . 2010-06-02 19:18 435828 c:\windows\system32\perfh009.dat
- 2004-08-04 06:00 . 2010-06-02 11:16 435828 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]
"nwiz"="nwiz.exe" [2008-08-01 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-01 90112]
"NvMediaCenter"="NvMCTray.dll" [2008-08-01 86016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-25 446563]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2009-9-1 6407854]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [5/20/2010 9:51 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [5/20/2010 9:51 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [5/20/2010 9:51 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [5/20/2010 9:51 PM 116784]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 5:35 PM 20840]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [5/20/2010 9:51 PM 126392]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/7/2008 10:59 PM 2749224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2008 12:16 PM 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [11/30/2008 7:19 PM 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/30/2008 7:19 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/30/2008 6:42 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 7:49 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [10/28/2009 6:37 PM 329592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/26/2010 1:37 PM 115312]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/7/2008 10:59 PM 15656]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/31/2009 12:01 PM 29584]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [11/6/2007 1:08 PM 12288]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 5:35 PM 808296]
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-06-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
- c:\program files\Norton 360\Engine\4.2.0.12\navw32.exe [2010-05-21 05:34]
2010-06-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{60E20E02-491E-45FD-AB38-29EF516917F4}.job
- c:\windows\system32\msfeedssync.exe [2008-10-15 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 15:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,ea,17,73,66,65,cf,41,a5,3c,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,ea,17,73,66,65,cf,41,a5,3c,62,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-02 15:23:02
ComboFix-quarantined-files.txt 2010-06-02 19:23
ComboFix2.txt 2010-06-02 19:04
Pre-Run: 10,321,690,624 bytes free
Post-Run: 10,286,309,376 bytes free
- - End Of File - - 7A691817C4068C52999657BF394E3152
DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:09:19.95 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2924 [GMT -4:00]
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6y8opein.default\
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-7 2749224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-11-29 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-11-30 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-30 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-30 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100520.001\IDSXpx86.sys [2009-10-28 329592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-5-26 115312]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100601.023\NAVENG.SYS [2010-6-1 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100601.023\NAVEX15.SYS [2010-6-1 1347504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-7 15656]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys --> c:\windows\system32\drivers\p1c1394.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-1-31 29584]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
=============== Created Last 30 ================
2010-06-02 18:59:11 0 d-sha-r- C:\cmdcons
2010-06-02 18:55:07 98816 ----a-w- c:\windows\sed.exe
2010-06-02 18:55:07 77312 ----a-w- c:\windows\MBR.exe
2010-06-02 18:55:07 256512 ----a-w- c:\windows\PEV.exe
2010-06-02 18:55:07 161792 ----a-w- c:\windows\SWREG.exe
2010-06-02 00:36:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-02 00:36:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 19:25:59 0 d-----w- C:\SYSTEM-BACKUP
2010-05-26 17:37:31 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-26 17:37:31 0 d-----w- c:\program files\KeyScrambler
2010-05-25 02:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-24 17:46:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 17:46:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-24 05:16:12 0 d-----w- C:\NBRT
2010-05-24 04:15:23 786432 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG1
2010-05-24 04:15:23 0 ---ha-w- c:\documents and settings\administrator\ntuser.dat.LOG2
2010-05-24 01:48:30 0 d-----w- c:\docume~1\admini~1\applic~1\Tific
2010-05-24 01:48:23 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
==================== Find3M ====================
2010-06-01 02:02:13 165819 ----a-w- c:\windows\system32\nvModes.dat
2010-04-06 18:38:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 18:38:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:38:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 18:38:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-31 03:17:45 182784 ----a-w- c:\program files\KB52620.exe
2009-01-31 16:01:08 2 --shatr- c:\windows\winstart.bat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-28 07:38:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112820081129\index.dat
2008-11-30 19:54:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 16:09:37.03 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2008 2:37:15 AM
System Uptime: 6/2/2010 3:12:47 PM (1 hours ago)
Motherboard: Dell Inc. | | 0TN284
Processor: Intel Pentium III Xeon processor | Microprocessor | 2527/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 44 GiB total, 9.557 GiB free.
D: is FIXED (NTFS) - 105 GiB total, 40.995 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP214: 4/4/2010 11:02:27 AM - System Checkpoint
RP215: 4/5/2010 1:35:57 PM - System Checkpoint
RP216: 4/6/2010 8:29:14 PM - System Checkpoint
RP217: 4/8/2010 12:06:27 AM - System Checkpoint
RP218: 4/9/2010 10:31:37 AM - System Checkpoint
RP219: 4/10/2010 6:05:25 PM - System Checkpoint
RP220: 4/11/2010 7:59:35 PM - System Checkpoint
RP221: 4/12/2010 9:06:22 PM - System Checkpoint
RP222: 4/14/2010 8:44:30 AM - System Checkpoint
RP223: 4/15/2010 8:03:50 PM - System Checkpoint
RP224: 4/17/2010 10:39:57 PM - System Checkpoint
RP225: 4/19/2010 6:34:16 AM - System Checkpoint
RP226: 4/20/2010 6:47:06 AM - System Checkpoint
RP227: 4/21/2010 6:29:55 PM - System Checkpoint
RP228: 4/26/2010 10:10:32 AM - System Checkpoint
RP229: 4/27/2010 8:51:40 PM - System Checkpoint
RP230: 4/29/2010 7:04:36 AM - System Checkpoint
RP231: 5/1/2010 8:40:50 AM - System Checkpoint
RP232: 5/2/2010 9:58:14 AM - System Checkpoint
RP233: 5/2/2010 10:55:42 PM - Installed FileMaker Pro 10 Advanced.
RP234: 5/4/2010 7:17:26 AM - System Checkpoint
RP235: 5/5/2010 4:46:27 PM - System Checkpoint
RP236: 5/7/2010 9:32:42 AM - System Checkpoint
RP237: 5/13/2010 8:45:33 PM - System Checkpoint
RP238: 5/15/2010 6:18:07 PM - System Checkpoint
RP239: 5/17/2010 9:33:59 AM - System Checkpoint
RP240: 5/18/2010 1:21:35 PM - System Checkpoint
RP241: 5/19/2010 1:51:45 PM - System Checkpoint
RP242: 5/20/2010 3:06:41 PM - System Checkpoint
RP243: 5/22/2010 8:10:26 PM - System Checkpoint
RP244: 5/23/2010 10:37:53 PM - System Checkpoint
RP245: 5/24/2010 8:14:39 PM - Software Distribution Service 3.0
RP246: 5/25/2010 11:56:49 PM - System Checkpoint
RP247: 5/27/2010 12:07:44 PM - Restore Operation
RP248: 5/27/2010 12:11:12 PM - Restore Operation
RP249: 5/27/2010 12:14:26 PM - Restore Operation
RP250: 5/27/2010 12:16:29 PM - Restore Operation
RP251: 5/28/2010 8:50:14 PM - System Checkpoint
RP252: 5/31/2010 5:33:16 PM - System Checkpoint
RP253: 6/1/2010 3:46:16 PM - Software Distribution Service 3.0
RP254: 6/1/2010 8:21:20 PM - Removed Roxio Media Manager
RP255: 6/1/2010 8:26:13 PM - Removed Java(TM) 6 Update 14
RP256: 6/1/2010 8:28:24 PM - Removed Nero Toolbar.
RP257: 6/1/2010 8:36:08 PM - Installed Java(TM) 6 Update 20
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Apple Software Update
AutoUpdate
BioAPI Framework
Broadcom USH Host Components
Canon My Printer
Canon Pro9000 Printer Driver
Capture One 5.1
CodeStuff Starter
Comment Hut Lite 2009
Connect
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Home
Dell 5530 Wireless Broadband Package
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
DeMoirize
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
Genuine Fractals 5.0
Google Calendar Sync
Google Earth Plug-in
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
Intel(R) Network Connections Drivers
iView MediaPro3
Java Auto Updater
Java(TM) 6 Update 20
KeyScrambler
kuler
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Neat Image v6 Demo (with plug-in)
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Netflix Movie Viewer
Norton 360
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyder3Elite
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Verizon Online DSL
Vertus Fluid Mask 3 3.0.10
Wacom Tablet
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
6/2/2010 2:59:59 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 11:40:31 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
5/26/2010 4:39:05 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 4:39:05 PM, error: Service Control Manager [7000] - The Phase One 1394 Camera Driver service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 4:39:05 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 4:39:05 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
5/26/2010 11:24:50 PM, error: Dhcp [1002] - The IP address lease 192.168.0.139 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/26/2010 10:06:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0022697CB62F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Hi,
Please look for ComboFix2.txt file on c: drive and post back its contents.
infisoul
2010-06-03, 08:36
here it is:
ComboFix 10-06-01.05 - Administrator 06/02/2010 15:00:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2806 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\prsgrc.dll
c:\windows\system32\st326087.dll
c:\windows\Sysvxd.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 00:36 . 2010-06-02 00:36 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\msvcp71.dll
2010-06-02 00:36 . 2010-06-02 00:36 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\jmc.dll
2010-06-02 00:36 . 2010-06-02 00:36 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-319db195-n\msvcr71.dll
2010-06-02 00:36 . 2010-06-02 00:36 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28c2e3c4-n\decora-sse.dll
2010-06-02 00:36 . 2010-06-02 00:36 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28c2e3c4-n\decora-d3d.dll
2010-06-02 00:36 . 2010-06-02 00:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\program files\Java
2010-06-01 13:55 . 2009-10-05 16:34 796400 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-29 21:35 . 2010-05-29 21:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-27 19:25 . 2010-05-27 19:26 -------- d-----w- C:\SYSTEM-BACKUP
2010-05-27 19:24 . 2010-05-27 19:25 -------- d-----w- c:\program files\ERUNT
2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\program files\KeyScrambler
2010-05-26 17:37 . 2009-10-04 21:33 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-25 02:26 . 2010-05-25 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-24 17:46 . 2010-05-27 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 17:46 . 2010-05-26 14:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-24 06:37 . 2010-05-24 06:37 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\msvcp71.dll
2010-05-24 06:37 . 2010-05-24 06:37 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\jmc.dll
2010-05-24 06:37 . 2010-05-24 06:37 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-12e76f21-n\msvcr71.dll
2010-05-24 05:16 . 2010-05-24 05:16 -------- d-----w- C:\NBRT
2010-05-24 01:48 . 2010-05-24 01:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2010-05-24 01:48 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 11:12 . 2008-12-08 02:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-06-02 11:11 . 2008-12-08 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-02 00:36 . 2008-11-28 09:17 78328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 00:28 . 2009-02-19 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\NBC Direct
2010-06-02 00:28 . 2009-02-19 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NBC Direct
2010-06-02 00:28 . 2009-02-19 11:04 -------- d---a-w- c:\program files\NBC Direct
2010-06-02 00:25 . 2008-11-28 19:33 -------- d-----w- c:\program files\Google
2010-06-02 00:24 . 2009-02-19 17:50 -------- d-----w- c:\program files\Canon
2010-06-02 00:22 . 2009-02-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-02 00:22 . 2009-02-28 03:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-01 18:25 . 2010-05-02 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitZipper
2010-06-01 02:02 . 2008-11-28 09:17 165819 ----a-w- c:\windows\system32\nvModes.dat
2010-05-27 16:06 . 2010-05-27 16:08 171204 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-25 00:18 . 2008-11-29 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 03:00 . 2010-05-03 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileMaker Pro Advanced
2010-05-03 02:03 . 2009-06-25 18:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
2010-04-28 02:03 . 2008-11-30 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Phase One
2010-04-06 18:53 . 2008-11-28 19:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-06 18:38 . 2010-04-06 18:38 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 18:38 . 2010-04-06 18:38 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:38 . 2010-04-06 18:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 18:38 . 2010-04-06 18:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 18:38 . 2010-04-06 18:38 -------- d-----w- c:\program files\Symantec
2010-04-06 18:37 . 2010-04-06 18:37 -------- d-----w- c:\program files\Norton 360
2010-04-06 18:37 . 2010-04-06 18:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-06 18:37 . 2009-04-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-06 18:36 . 2009-04-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-06 18:35 . 2010-04-06 18:35 -------- d-----w- c:\program files\NortonInstaller
2010-03-23 15:49 . 2010-03-23 15:49 667648 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1002180-0-main.dll
2010-03-16 02:51 . 2010-03-16 02:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-10 06:15 . 2008-10-15 20:24 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-01-31 03:17 . 2009-01-31 03:17 182784 ----a-w- c:\program files\KB52620.exe
2009-01-31 16:01 . 2009-01-31 16:01 2 --shatr- c:\windows\winstart.bat
.
------- Sigcheck -------
[-] 2008-10-15 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-10-15 20:18 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-10-15 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-11-28 . BD8ED8B09892604EEF90DB0D02FD33D1 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]
"nwiz"="nwiz.exe" [2008-08-01 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-01 90112]
"NvMediaCenter"="NvMCTray.dll" [2008-08-01 86016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-25 446563]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2009-9-1 6407854]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [5/20/2010 9:51 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [5/20/2010 9:51 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [5/20/2010 9:51 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [5/20/2010 9:51 PM 116784]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 5:35 PM 20840]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [5/20/2010 9:51 PM 126392]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/7/2008 10:59 PM 2749224]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/29/2008 12:16 PM 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [11/30/2008 7:19 PM 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/30/2008 7:19 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/30/2008 6:42 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 7:49 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [10/28/2009 6:37 PM 329592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/26/2010 1:37 PM 115312]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/7/2008 10:59 PM 15656]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/31/2009 12:01 PM 29584]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [11/6/2007 1:08 PM 12288]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 5:35 PM 808296]
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-06-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
- c:\program files\Norton 360\Engine\4.2.0.12\navw32.exe [2010-05-21 05:34]
2010-06-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{60E20E02-491E-45FD-AB38-29EF516917F4}.job
- c:\windows\system32\msfeedssync.exe [2008-10-15 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6y8opein.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\Administrator\Local Settings\Application Data\{18FA3A4F-75BB-4F0E-B631-C9C47B7BD948}\NBCDirectInstaller.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 15:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,ea,17,73,66,65,cf,41,a5,3c,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,ea,17,73,66,65,cf,41,a5,3c,62,\
.
Completion time: 2010-06-02 15:04:30
ComboFix-quarantined-files.txt 2010-06-02 19:04
Pre-Run: 10,209,894,400 bytes free
Post-Run: 10,308,378,624 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BBC2C768FBA10F71653576D101A68FB1
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh dds.txt log.
infisoul this thread has been archived due to inactivity.
As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thank you Blade81. :)